Scribd
Upload
5 views

Lab-Project 3: Analyzing A Port Scan

HOD401-IA1705-SS

Uploaded by

Nguyễn Thị Anh Thư
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
5 views

Lab-Project 3: Analyzing A Port Scan

HOD401-IA1705-SS

Uploaded by

Nguyễn Thị Anh Thư
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Lab-Project 3: Analyzing a Port Scan

What You Need

● A Kali Linux machine (real or virtual)

● A Windows machine (real or virtual)

Finding the IP Address of Your Windows Machine


From your Windows desktop, click Start. In the search box, enter CMD and press the Enter
key.
In the Command Prompt window, enter the IPCONFIG command and press the Enter key.
Several IP addresses appear.
Find the adapter that goes to your LAN. In S214, it's the adapter with an IP address starting
with "192.168.1". Make a note of that IP address.
Turning Off the Windows Firewall
From your Windows desktop, click Start. In the search box, enter FIRE.
In the "Control Panel" section of the results, click "Windows Firewall".
On the left side of the "Windows Firewall" box, click "Turn Windows Firewall on or off".
Click both of the "Turn off Windows Firewall (not recommended)" buttons, as shown
below.
Click the OK button.

Start Your Kali Linux Virtual Machine


Launch your Linux virtual machine. When your machine starts up, log in as root with a
password of toor.
Pinging the Windows Machine From the Linux Virtual Machine
At the upper left of your Linux desktop, click the little black square icon to open a Terminal
window.
In the Terminal window, after the # prompt, enter this command, replacing the IP address
with the IP address of your Windows machine.
Then press the Enter key.
ping 192.168.1.101
You should see lines saying "64 bytes from...", indicating that you do have a working
network connection between the two machines. I
If you don't see replies, you need to troubleshoot your VMware networking. There are tips to
guide you through that in Project 2.
When the ping is working properly, type Ctrl+C to stop the pinging.
Installing Zenmap
Kali Linux does not include Zenmap by default. To install it, you need an Internet
connection.
On your Kali Linux desktop, in the Terminal window, execute this command:
ping google.com
You should see lines saying "64 bytes from...". Press Ctrl+C to stop the pings.
If you don't see replies, you need to fix your networking before proceeding.
On your Kali Linux desktop, in the Terminal window, execute this command:
apt-get install zenmap -y
This installs Zenmap.
Starting The Wireshark Network Analyzer
On your Kali Linux desktop, in the Terminal window, execute this command:
wireshark
A box pops up warning you that wireshark is running as root. Check the "Don't show this
message again" box and click the OK button.
In the Wireshark window, verify that "eth0" is highlighted, as shown below, and click Start.
Starting zenmap
In Kali, click the black square icon at the upper left of the desktop to open a new Terminal
window.
In the Terminal window, execute this command:
zenmap
Performing a Ping Sweep of your Network
In the "Profile" box, select "Ping Scan", as shown below.
In the Target box, enter the network address of the network containing both your Kali and
Windows machines, followed by the CIDR notation number (usually 24), like this:
192.168.1.0/24
Click Scan.
Nmap pings the whole LAN.
When the sweep completes, you should see a list of the hosts that were found on the left side
of the Nmap window, as shown above. The IP addresses and the total number of hosts may
be different, but you should detect at least two hosts—your Linux and Windows machines.
Saving a Screen Image
Make sure at least two machines are visible in the left pane of the Zenmap window, as shown
above.
Click the taskbar at the bottom of your host Windows 7 desktop, to make the host machine
listen to the keyboard, instead of the virtual machine.
Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole
desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!
On the host machine, not the virtual machine, click Start.
Type mspaint into the Search box and press the Enter key.
Click in the untitled - Paint window, and press Ctrl+V on the keyboard. The desktop appears
in the Paint window.
Save the document with the filename "YOUR NAME Lab-Project 3a", replacing "YOUR
NAME" with your real name.
Using Wireshark to Analyze the Ping Sweep
In the Wireshark: Capture Window, click Capture, Stop. You should see a lot of ARP
requests, as shown below on this page. Because you are scanning your own LAN, Nmap uses
ARP broadcasts rather than ICMP packets to find hosts.

Performing an Quick Scan of the Windows Machine


In the Zenmap window, enter the IP address of your Windows machine in the Target field.
Select a Profile of "Quick Scan", as shown below on this page.
Click Scan.
When the scan completes, you should see a list of open ports including "135/tcp open", as
shown below.

Starting a New Wireshark Capture


In the The Wireshark Network Analyzer window, click Capture, Start. If you see a message
saying "Save capture file before starting a new capture?", click "Continue without saving".
Performing a Connect Scan of Port 135 only
In the Zenmap window, select a Profile of "Intense scan, all TCP ports".
Notice the Command line. It currently shows this command, as shown below:
nmap -p 1-65535 -T4 -A -v 192.168.119.219

Make these three changes in this line:

● Change "-p 1-65535" to "-p 135" to scan port 135 only

● Remove "-A" to skip service scanning

● Add -sT to do a Connect Scan

Your command should match the image below, except for the IP address:

Click the Scan button.


You should see one line of green text, showing port "135/tcp open", as shown above.
Using Wireshark to Analyze the Connect Scan
In the Wireshark Window, click Capture, Stop.
In the Filter box, type this filter:
tcp.port==135
Press Enter. The Info column should show this pattern of four packets, as shown below:
[SYN]
[SYN, ACK]
[ACK]
[RST, ACK]

This is a complete TCP three-way handshake, followed by a RST to end the session.
Saving a Screen Image
Make sure the four required packets are visible in Wireshark, as shown above.
Click the taskbar at the bottom of your host Windows 7 desktop, to make the host machine
listen to the keyboard, instead of the virtual machine.
Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole
desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!
On the host machine, not the virtual machine, click Start.
Type mspaint into the Search box and press the Enter key.
Click in the untitled - Paint window, and press Ctrl+V on the keyboard. The desktop appears
in the Paint window.
Save the document with the filename "YOUR NAME Lab-Project 3b", replacing "YOUR
NAME" with your real name.
Turning in Your Project
Email the image to [email protected] with a subject of "Lab-Project 3 from YOUR NAME"

You might also like