Laboratory 4 ITT450
ITT 450
ACTIVE RECONNAISSANCE
(ENUMERATING TARGET)
NAME: __________________________________________________________________
1. LAB OBJECTIVES
At the end of this laboratory session, students should be able to:
i. Explain the concept of the 3-way handshake and how it is used in port scanning.
ii. Identify the list of ports available on the target.
iii. Identify the list of services, and their version numbers, running on the target.
iv. Differentiate the different types of scan available in nmap.
2. INSTRUCTION
ENUMERATING TARGET
Enumerating a target is the process of finding and collecting information about the ports,
operating systems and services running on the target machines. This information will come in
handy later on to identify vulnerabilities that exist in the services discovered.
(Note: Please remember to keep your result from Laboratory 2 handy, since we will be using the
result from Laboratory 2.)
PORT SCANNING
Port scanning is the method used to determine the state of the Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP) ports on the target machines. An open
port means that there is a service running on the port and it is accessible, whereas a closed
port indicates that there is no service listening on that port.
Before proceeding with the lab, we need to have an understanding of the TCP/IP protocol.
1. Explain the TCP Protocol
____________________________________________________________
____________________________________________________________
____________________________________________________________
2. Explain the UDP Protocol
____________________________________________________________
____________________________________________________________
____________________________________________________________
SCAN OPTIONS
The default scan in nmap is the TCP SYN scan (for a privileged user), but nmap also comes
loaded with other types of scan.
1. For each of the following scans, execute the scan, explain the characteristics of the scan, and write
down the command and its output.
a. TCP Null scan
b. TCP ACK scan
c. TCP Window scan
d. UDP scan
e. FIN scan
f. OS scan
g. Service scan
h. Ping scan
PORT OPTIONS
By default, nmap scans only the 1000 most common ports for each protocol, but this can be
changed by specifying the port options.
1. Write down the command to scan only ports 22 and 80
____________________________________________________________
2. Write down the command to scan ports from 1 to 1024
____________________________________________________________
3. Write down the command to scan only the 100 most common ports.
____________________________________________________________
OUTPUT OPTIONS
The result of nmap can be saved to an external file so that it can be further analysed using other
tools. One of the options is to save the result as XML output.
1. Run the following command and write down the result. (If it is too long, attach it to
your laboratory report.)
nmap <IP address> -oX myDoman.xml
____________________________________________________________
____________________________________________________________
2. Write down the command to convert the XML file into an HTML file. Attach the
resulting HTML file to your report.
____________________________________________________________
____________________________________________________________
-End of Laboratory Session 4: Alhamdulillah and Well Done-