
LABORATORY 4
ITT 450
ACTIVE RECONNAISSANCE
(ENUMERATING TARGET)

NAME: __________________________________________________________________

STUDENT ID: ___________________________________________________________


ITT450 – Laboratory Manual (Session 4)

1. LAB OBJECTIVES
At the end of this laboratory session, students should be able to:
i. Explain the TCP three-way handshake and how port scanning makes use of it.
ii. Identify the ports open on the target.
iii. Identify the services, and their version numbers, running on the target.
iv. Differentiate between the scan types available in nmap.

2. INSTRUCTION

ENUMERATING TARGET
Enumerating a target is the process of finding and collecting information about the ports,
operating system and services running on the target machines. This information is used
later to identify vulnerabilities in the services discovered.
(Note: keep your results from Laboratory 2 handy, since this session builds on them.)

PORT SCANNING
Port scanning is the method used to determine the state of Transmission Control Protocol
(TCP) and User Datagram Protocol (UDP) ports on the target machines. An open port means
that a service is listening on the port and is reachable; a closed port is reachable but has
no service listening on it, so the probe is answered with a TCP reset. A port that does not
answer at all cannot be told open from closed, and nmap reports it as filtered.
Before proceeding with the lab, we need an understanding of the TCP/IP protocols.

1. Explain the TCP protocol.
____________________________________________________________
____________________________________________________________
____________________________________________________________

2. Explain the UDP protocol.
____________________________________________________________
____________________________________________________________
____________________________________________________________

2019-2021© MOHD ALI MOHD ISA 2




3. Explain the three-way handshake with the aid of a diagram.






____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________

4. List the range of well-known port numbers.
____________________________________________________________

5. List the range of registered port numbers.
____________________________________________________________

NMAP
1. nmap is the Swiss-army knife of network security testing and is popular amongst
security testers. Run nmap against the first domain or IP address obtained in Lab 2
using the following command:
nmap <IP address or domain>
Write down the output.
____________________________________________________________
____________________________________________________________
____________________________________________________________

2. nmap reports a port in one of six states: open, closed, filtered, unfiltered,
open|filtered and closed|filtered. Explain each of the states.
____________________________________________________________
____________________________________________________________
____________________________________________________________
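The handshake asked about in question 3 and the open/closed/filtered states in question 2 above, shown in code. This is an added example, not part of the ITT450 manual: a TCP connect scan (what nmap -sT does, no privileges needed) run against a listener the script starts itself on 127.0.0.1, so the port numbers are whatever the OS assigns. A SYN scan (-sS) differs only in that nmap sends the SYN itself and answers the SYN/ACK with a RST instead of finishing the handshake, which is why it needs raw sockets and root.

```python
"""Full-connect port probe: the three-way handshake turned into a port state.
Added example, not part of the ITT450 manual.  The target is a listener this
script starts on 127.0.0.1, so it runs offline.
"""
import errno
import socket

# States a connect() probe can distinguish.  Because connect() always finishes the
# handshake (SYN -> SYN/ACK -> ACK), it cannot report unfiltered or the ambiguous
# open|filtered / closed|filtered states; those come from ACK/Null/FIN/UDP probes
# that judge RST-versus-silence rather than a completed connection.
OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def probe_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        # The kernel sends SYN; a SYN/ACK reply means a service is listening and
        # the kernel completes the handshake with the final ACK.
        s.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        # SYN answered with RST/ACK: host reachable, nothing listening on the port.
        return CLOSED
    except socket.timeout:
        # Neither SYN/ACK nor RST: a filter dropped the probe or the reply.
        return FILTERED
    except OSError as exc:
        # ICMP unreachable errors are also evidence of filtering.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return FILTERED
        raise
    finally:
        s.close()


def connect_scan(host, ports, timeout=1.0):
    """Probe each port in turn and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def start_local_listener():
    """Constructed target: a TCP listener on 127.0.0.1 on an OS-assigned port.
    The kernel completes handshakes for queued connections before accept() is
    ever called, so no accept loop is needed for the probe to see 'open'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def pick_closed_port():
    """Ask the OS for a free ephemeral port and release it, so nothing listens there."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Scan one open and one closed local port; returns (open_state, closed_state)."""
    srv, open_port = start_local_listener()
    closed_port = pick_closed_port()
    try:
        states = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return states[open_port], states[closed_port]


if __name__ == "__main__":
    print(demo())  # ('open', 'closed')
    # 192.0.2.1 is an RFC 5737 documentation address with nothing behind it: the
    # SYN goes unanswered (or draws an ICMP unreachable), so it shows as filtered.
    print(probe_port("192.0.2.1", 80, timeout=2.0))
```

Compare the three branches of probe_port with the nmap states you explained in question 2: a completed handshake is open, a RST is closed, silence is filtered. The remaining three states only exist for probes that never try to complete the handshake.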


SCAN OPTIONS
The default scan in nmap is a TCP SYN scan (when run as a privileged user), but nmap also
ships with many other scan types.
1. For each of the following scans, execute the scan, explain the characteristics of the
scan, and write down the command and its output.
a. TCP Null scan
b. TCP ACK scan
c. TCP Window scan
d. UDP scan
e. TCP FIN scan
f. OS detection scan
g. Service/version detection scan
h. Ping scan

PORT OPTIONS
By default, nmap scans only the 1000 most common ports for each protocol, but this can be
changed by specifying the port options.

1. Write down the command to scan only ports 22 and 80.
____________________________________________________________

2. Write down the command to scan ports 1 to 1024.
____________________________________________________________

3. Write down the command to scan only the 100 most common ports.
____________________________________________________________




OUTPUT OPTIONS


nmap results can be saved to an external file so that they can be analysed further with
other tools. One of the options is to save the result as XML output.

1. Run the following command and write down the result. (If it is too long, attach it to
your laboratory report.)
nmap <IP address> -oX myDoman.xml
____________________________________________________________
____________________________________________________________

2. Write down the command to convert the XML file into an HTML file. Attach the
resulting HTML file to your report.
____________________________________________________________
____________________________________________________________
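Why the XML output is worth having: it can be parsed by other tools. The following is an added example, not part of the ITT450 manual and not the way nmap itself produces HTML (that is an XSLT transform of the file with the nmap.xsl stylesheet it references). It parses -oX output into a port table and renders a plain HTML table. The XML embedded below is constructed to mirror the real nmap schema; the host 192.0.2.10 (an RFC 5737 documentation address) and its services are invented.

```python
"""Parse nmap -oX output and render it as an HTML table.  Added example; not
part of the ITT450 manual.  SAMPLE_XML is constructed (invented host/services)
but follows the element and attribute names nmap really emits.
"""
import html
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX myDoman.xml 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response"/>
        <service name="snmp" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per <port> element: host, proto, port, state, reason, service."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        host_ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            # method="table" means the name is looked up from nmap-services by port
            # number; only method="probed" (after -sV) reflects a real banner.
            service = ""
            if svc is not None:
                parts = (svc.get("name"), svc.get("product"), svc.get("version"))
                service = " ".join(p for p in parts if p)
                if svc.get("method") != "probed":
                    service += " (guessed)"
            rows.append({
                "host": host_ip,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "?",
                "reason": state.get("reason", "") if state is not None else "",
                "service": service,
            })
    return rows


def open_ports(rows, proto="tcp"):
    """Ports worth following up: state exactly 'open' (not the ambiguous open|filtered)."""
    return sorted(r["port"] for r in rows if r["proto"] == proto and r["state"] == "open")


def to_html(rows):
    """Render rows as an HTML table.  Values are escaped because product/version
    strings come from banners the target sent, i.e. attacker-controlled text."""
    cols = ("host", "proto", "port", "state", "reason", "service")
    out = ["<table>", "<tr>" + "".join(f"<th>{c}</th>" for c in cols) + "</tr>"]
    for r in rows:
        cells = "".join(f"<td>{html.escape(str(r[c]))}</td>" for c in cols)
        out.append(f"<tr>{cells}</tr>")
    out.append("</table>")
    return "\n".join(out)


if __name__ == "__main__":
    rows = parse_nmap_xml(SAMPLE_XML)
    print(open_ports(rows))  # [22, 80]
    print(to_html(rows))
```

To run it against your own scan, replace SAMPLE_XML with the contents of the file written by -oX. Note that the "(guessed)" marker distinguishes a port-number lookup from a version actually probed with -sV, which matters when you later match versions against vulnerability data.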





-End of Laboratory Session 4: Alhamdulillah and Well Done-
