MSc-IT Part2 Sem3 53004190005

Practical 2

A. Perform Network Discovery using the following tools

Solar Wind Network Topology Mapper
The first aspect of network discovery is finding all the IP addresses on the network,
including static, dynamic, reserved, and abandoned IP addresses capable of being
reallocated. Network discovery determines which ports are in use, and which ports
are open on each device. If a device has open ports that are not necessary for the
device to be used, this could be a security issue. Using network discovery to map the
ports on your network can help ensure unnecessary ports are kept closed to prevent
access by an intruder.
It is possible to perform network discovery manually, though the risks are mistakes
being made and parts of the network not being accurately mapped or monitored.
And, without the assistance of network discovery tools, troubleshooting
performance issues can be a long and tedious process. Using software to take the
pain out of this process will also free you and your team up to focus on other things
or to work on improving your network.
Network mapping software built to automatically plot your network. It is a Topology-
based approach: see where things are connected, ignore things not relevant. One
map is rarely enough to comprehensively discover your environment: you can
designate sub-admins to discover just their segments of network. Maps are updated
automatically.
Key Features:
a. Automate device discovery and mapping.
b. Build multiple maps from a single scan.
c. Export network diagrams to Visio, PNG, Orion Network Atlas, PDF & NTM
Map format.
d. Auto-detect changes to network topology.
e. Perform multi-level network discovery.
f. Address regulatory PCI compliance.

SolarWinds Network Topology Mapper (NTM) is purpose-built to focus on mapping

networks and can build several different network map types using a single discovery
scan.
Download the application from https://www.solarwinds.com/network-topology-
mapper.
23
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

Create a map:
i. Create a new scan:
Click New Scan.
Add credentials.
Identify the network segment (subnet, ip ranges)
You can ignore devices.
Kick off the scan.
Map is created.
ii. Rearrange objects on the map, add devices or delete devices you don't want
to see.
iii. Save the map.
iv. Export (Visio, Network Atlas, PDF)
v. Create reports (such as make an inventory report and export it to csv).

SolarWinds Network Topology Mapper (NTM) shows nodes on your network,

indicates and updates status both for the nodes and the network connections
between them in interrelated, scalable maps with customizable icons.
The topological overview of NTM complements your network monitoring system
[SolarWinds Network Performance Monitor (NPM)], by showing how an issue with a
particular node impacts larger aspects of your network. NPM lists alerts in order or
urgency and NTM distributes alerts on a map. For example, NTM indicates if a
particular switch sits in the path of all other alerting nodes.

24
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

B. Use the following censorship circumvention tools

Tails OS

Tails is a portable operating system that protects against surveillance and

censorship. Tails uses the Tor network to protect your privacy online and help you
avoid censorship. Enjoy the Internet like it should be.
Shut down the computer and start on your Tails USB stick instead of starting on
Windows, macOS, or Linux. Tails leaves no trace on the computer when shut down.
Tails includes a selection of applications to work on sensitive documents and
communicate securely. Everything in Tails is ready to-use and has safe defaults.
You can temporarily turn your own computer into a secure machine. You can also
stay safe while using the computer of somebody else.
Tails is a 1.2 GB download and takes ½ hour to install. Tails can be installed on any
USB stick of 8 GB minimum. Tails works on most computers less than 10 years old.
You can start again on the other operating system after you shut down Tails You do
not have to worry about the computer having viruses because Tails runs
independently from the other operating system and never uses the hard disk. But
Tails cannot always protect you if you install it from a computer with viruses or if
you use it on a computer with malicious hardware, like keyloggers.
Download Tail OS from https://tails.boum.org/.

25
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

C. Scanning Network Using Nmap

To perform network scanning using Zenmap, go to http://nmap.org/ to download Nmap.
1. Download the Windows .exe file. Here, nmap 7.91 setup.exe is to be downloaded.

2. Now the Nmap file will start downloading and perform the setup. A License
agreement window will appear > Click on I Agree.

3. Now next window will be the following window as shown in the below image > Click
on Next.

26
Page

4. The following window will appear next > Click on Install.

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

5. After performing the proper setup steps Nmap-Zenmap GUI icon will appear on you
desktop. After double-clicking on it following screen will appear.

6. In the Command text box, type nmap O 192. XX. XX. XX command. I will show the
following output:

27
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

7.

8. Click on Topology tab > Click on Fisheye view to get a better view of the topology.

The Fisheye View of the Topology is shown in the below image:

28
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

9. Click on the Host Details tab. It will show the details about Host Status, Addresses
and the Operating system.

10. Click on Scan tab to check the status of the scan.

11. Now, Click on Services tab > Select any service > Click on Ports/Hosts tab. It will show
the list of all the ports on which the services are running. It will also show the status
of the ports. The ports can be: open, closed and unknown. 29
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

12. Click on Scan. The following window will appear.

13. Close the Zenmap and Launch it again. Now, in Command text box > type nmap --
packet-trace <IP address of the target machine;*>
After doing this Nmap will start sending some packets to the target machine and
receive them in due time. It will show the summary of the packets which are sent
and received as shown in the below image.

30
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

At the end of the page it will also show open ports.

14. Click on the Ports/Hosts tab to get the information about ports, protocol, state and
the version of the machine which is scanned.

15. Click on the Topology tab > Click on Fisheye to get a better view of the topology.

31
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

16. Click on Host Details tab.

17. Go to Scans to get the status of the scan.

18. Now, Click on the Services tab > Select http and then click Scan. It will show the
following:

32
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

19. From the Profile combo box > Select Slow Comprehensive scan > Click on Scan.

20. From the Profile combo box > Select Intense scan > Click on Scan.

33

21. In similar way, you can also perform other different types of scans from the profile
Page

combo box.

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

22. A new profile can also be created. Click on Profile > Select New Profile or Command.

23. A Profile Editor dialog box will appear. Type Null scan in the Profile name text box.

24. Now click on the Scan tab.

34

- From the TCP scan combo box > Select Null scan (-sN).
- From the Non-TCP scans combo box > Select None.
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

- From the Timing template combo box > Select Aggressive (-T4).
- -A) checkbox.
- Click on Save changes.

25.
new profile > Click on Scan. It will show the following:

This summarizes, Nmap helps to scan the whole subnet, TCP and UDP ports of the network.
35
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

D. Use Scanning Tools for Mobile

Network Scanner
App will find all hosts in your home network or in selected IP range.
It can be used not only to know who are using your WiFi and learn more about every device, but
also for professional tasks: dynamically port scanning and ability to filter hosts by opened ports
allows to find a server of needed service in selected network.
IP scanner supports 4 modes for scan - arp read, icmp ping, udp ping, dns request. Also you can
select used dns server manually to scan your private networks.
This is only little part of abilities of this network scanner.

36
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

Fing Network Tools

Fing is the #1 Network Scanner: discovers all the devices connected to your WiFi and identifies
them, with our patented technology used also by router manufacturers and antivirus companies
worldwide.

Run Wi-Fi and Cellular internet speed tests, download speed and upload speed analysis and
latency.
-Fi & LAN network scanner and discover all devices connected to
any network.
Get the most accurate device recognition of IP address, MAC address, device name, model,
vendor, and manufacturer.
Includes port scanning, device ping, traceroute and DNS lookup.
Receive network security and device alerts to your phone and email.

When not connected to Wifi.

37
Page

Security Breaches and Countermeasures

MSc-IT Part2 Sem3 53004190005

When connected to WIfi.

38
Page

Security Breaches and Countermeasures