Lab12_IS_DP.pdf

The document outlines a lab work assignment for a course on Information Security and Data Protection, focusing on using Nmap for network scanning. Students are required to set up a network, install necessary software, and perform various scanning techniques to analyze a web server. It also provides detailed instructions on network concepts such as IP addresses, MAC addresses, subnet masks, and DHCP, along with descriptions of different Nmap scanning methods.

Uploaded by abdrahymaset2

Course title: Information security and data protection

Instructor: Adilbekkyzy Sairan

Lab work 12
WARNING: Points WILL NOT BE COUNTED for plagiarism or copying someone
else's work (plagiarism is a violation of copyright).

ASSESSMENT: Students are required to demonstrate and receive a grade for their lab
work during class.

Topic. NMAP - the Network MAPper.

Lab practice assignments:


1. Set up a network consisting of two computers.
2. Install the web server <sudo apt-get install apache2> on one of the virtual machines.
Install Nmap <sudo apt-get install nmap> on the other one.
3. Determine the IP address of the virtual machine where the Apache web server is
installed.
4. Scan the web server using all the methods described in Nmap scanning.

Instructions and recommendations

IP address is a unique network address of a node in a computer network built using the IP
protocol. The Internet requires globally unique addresses; in the case of working on a local
network, the uniqueness of the address within the network is required.

MAC address (Media Access Control, also called Hardware Address) is a unique identifier
assigned to each piece of active computer network equipment.

Subnet mask is a bit mask that determines which part of the IP address of a network host refers
to the network address, and which part refers to the address of the host itself in this network (in
this case, unlike the IP address, the subnet mask is not part of the IP packet). For example, a
host with an IP address of 12.34.56.78 and a subnet mask of 255.255.255.0 is on the network
12.34.56.0 with a prefix length of 24 bits. For IPv6 addressing, the address
2001:0DB8:1:0:6C1F:A78A:3CB5:1ADD with a prefix length of 32 bits (/32) is located on the
network 2001:0DB8::/32.

DHCP is a network protocol that allows computers to automatically obtain an IP address and
other parameters necessary to operate on a TCP/IP network. This protocol operates on a client-
server model. For automatic configuration, the client computer, at the network device
configuration stage, contacts the so-called DHCP server and receives the necessary parameters
from it. The network administrator can specify the range of addresses distributed by the server
among computers. This allows you to avoid manual configuration of network computers and
reduces the number of errors. The DHCP protocol is used on most TCP/IP networks.

Warning. To perform this lab, it is recommended to select the “Bridged Networking”
connection type on both machines. You can read more about setting up a network in VirtualBox
on the VirtualBox website.
Nmap
Nmap offers several scanning methods that are widely used today. Let's look at some of them.

Ping scan
The most common and simplest scanning method is a simple ping scan, which involves
sending ICMP packets to different hosts. The host that is active will respond to these packets.

TCP Connect()
The second scanning method available is TCP Connect. Here the scanning machine tries to
establish a connection with the scanned machine. A successful result indicates
that the port is open; an unsuccessful result indicates that it is closed or filtered. This scanning
is easily detected by the huge number of entries in the log file recording unsuccessful attempts to
establish a connection and errors in the execution of this operation. Clearly, protection
tools will block the address that causes these errors as quickly as possible.
-v: Increase verbosity level (set twice or more to increase effect)
TCP-SYN
A more advanced scanning method is TCP SYN - the so-called “half-open scan”. When called,
Nmap sends a SYN packet, as if to establish a new connection. If the response contains the
SYN or ACK flags, the port is considered open. The RST flag says otherwise. If a response is
received indicating that the port is open, nmap immediately sends an RST packet to reset the
connection that has not yet been established. Scanning is carried out only if you have superuser
rights (root).

FIN, Xmas Tree and NULL scans
However, the firewall or other security measures may be watching for incoming SYN packets.
Because of this, the TCP SYN method often does not produce results. Therefore, there is a
whole group of scanning methods that are alternatives to TCP SYN. These are FIN, Xmas Tree
and NULL scans. Most operating systems, by default, according to recommendations, should
respond to such packets arriving on closed ports with the RST flag. An important detail: not a
single Windows operating system will ever respond with an RST packet to an incoming FIN,
Xmas Tree or NULL packet. Using this fact, even with similar, generally not very detailed
scans, we can infer at least the operating system family.
IP Protocol Scan
The method consists of sending IP packets without headers to the host for each protocol of
the scanned host. If a message is received indicating that a protocol is unavailable, then this
protocol is not supported by the host. Otherwise it is supported.

ACK scan
ACK scanning consists of transmitting ACK packets to the scanned port. If an RST packet is
received in response, the port is classified as not filtered. If there is no response or the response
comes in the form of an ICMP port unreachable message, the port is considered filtered. This
method will never show the port status as "open".
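
On the defending side, the probes described in the sections above can be told apart by the TCP flags they carry, and a scan shows up as one source sending the same probe shape to many different ports. The following is an added example, not part of the original lab handout: the packet tuples, the documentation addresses and the five-port threshold are constructed assumptions, and the input is assumed to contain only inbound segments that do not belong to an established connection.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Exact flag combination of a probe -> scan method(s) that send it.
PROBES = {
    0: "NULL",                  # no flags set at all
    FIN: "FIN",
    FIN | PSH | URG: "Xmas Tree",
    SYN: "SYN or connect()",    # same first packet; they differ only after the reply
    ACK: "ACK or Window",       # same probe; Window reads the reply's window field
}

def detect_scans(packets, min_ports=5):
    """Return {(source, method): sorted ports} for sources that sent the same
    probe shape to at least min_ports distinct destination ports.

    packets: iterable of (src_ip, dst_port, tcp_flags) tuples.
    """
    ports = defaultdict(set)
    for src, dport, flags in packets:
        kind = PROBES.get(flags)
        if kind is not None:            # ignore segments that match no probe shape
            ports[(src, kind)].add(dport)
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}

# Constructed sample records (RFC 5737 documentation addresses), not real traffic.
SAMPLE = (
    [("192.0.2.10", p, SYN) for p in (21, 22, 23, 25, 80, 443)]
    + [("192.0.2.20", p, FIN | PSH | URG) for p in (22, 80, 110, 139, 445)]
    + [("192.0.2.30", 80, SYN), ("192.0.2.30", 80, SYN)]    # ordinary client, one port
    + [("192.0.2.40", p, 0) for p in (22, 80)]               # below the threshold
    + [("192.0.2.50", p, SYN | ACK) for p in range(1, 10)]   # replies, not probes
)

if __name__ == "__main__":
    for (src, kind), hit in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} probes to {len(hit)} distinct ports {hit}")
```
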
TCP Window
TCP Window - similar to ACK scanning, however, by the values of the Initial Window field
of the TCP packet that came in response, you can determine open ports.

RPC scan
RPC scanning is used to determine the program serving the port and its version, and consists
of “flooding” open TCP or UDP host ports with SunRPC shell NULL packets.
OS Scan
And finally, the last method is OS scanning, which is used to determine the operating system of the scanned host.
