
Tutorial 3

Objective
The objective of this exercise is to introduce you to the features and role of Nmap in auditing systems.
While the Windows NT ported version of Nmap has the same features as the Linux version and is covered
in this exercise, given a choice between the two, the Linux version is the more stable and robust version.

Requirements
Software

Windows NT 4.0 SP (Service Pack) 4 or later, Windows 2000, or Windows 9x

Windows version of Nmapnt, available at http://www.eeye.com/html/Research/Tools/nmapNT.html

Linux version of Nmap, available at http://www.insecure.org/nmap/nmap_download.html

Challenge Procedure
The following are the steps you need to perform for this exercise:

1. Install Nmap and Nmapnt.

2. Perform a simple scan.

3. Perform a stealth scan.

4. Perform an OS identification.

5. Perform an OS identification and service selection.

Challenge Procedure Step-by-Step


The following are the detailed steps you need to complete to install Nmap:

1. First, you'll install NmapNT. Download NmapNT from http://www.eeye.com/html/Research/Tools/nmapNT.html.
Unpack the NmapNT Zip file.
2. Next, install the winpcap drivers. Right-click your Network Neighborhood icon; then select My
Network Places. Select Properties, and then choose your network adapter and either
click Properties or select the Services tab. An alternative method is to click the Start menu,
select Settings, Network and Dial-up Connections, and then select your network adapter. When it
appears, select Properties.
3. In the adapter's Properties screen, click Install.

4. In the Select Network Component Type screen, select Protocol and click Add.
5. In the Select Network Protocol screen, click the Have Disk button.

6. In the Install from Disk screen, click Browse and navigate to the DRIVERS directory where you
installed NmapNT. The directory should be C:\Program Files\NmapNT\DRIVERS. There should
also be three subdirectories. Choose the one appropriate for your operating system.
7. In the Select Network Protocol screen, select Packet Capture Driver and click OK.

8. The Files Needed screen appears. Click OK.


9. Next, click OK and Close until you are returned to the desktop. Then, reboot your system.

10. Now, you'll install Nmap for Linux. Download the Nmap RPM (RedHat Program Manager)
from http://www.insecure.org/nmap/nmap_download.html. Use the rpm command to install the nmap
rpm file:

rpm -Uhi nmap-2.54-beta.i386.rpm

11. Now, perform a simple scan. Use 127.0.0.1 for the IP address for each of the following steps.
Open a command prompt and enter the following command:

nmapnt 127.0.0.1

NOTE

The commands entered are identical for Nmap and NmapNT.

12. Next, check to see if the host is really down as opposed to blocking ping probes using the following
command:

nmapnt -P0 127.0.0.1

NOTE

The -P0 (the 0 is a zero) option tells Nmap to scan the IP address regardless of whether it allows
Internet Control Message Protocol (ICMP) traffic to it.
13. Next, you'll perform a stealth scan. Enter the following command:

nmapnt -sS -P0 -p135 127.0.0.1

NOTE

The -sS option performs a SYN scan instead of the default TCP connect scan. The -p option
specifies the ports to scan.

Challenge Question: What is the difference between a TCP-connect scan and a SYN scan?
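To make the difference concrete, here is an added example that is not part of the original tutorial: a small Python connect scanner that does what nmap -sT does, namely lets the kernel complete the full three-way handshake for each port. The function names (probe_port, connect_scan, demo) are this example's own, it only targets 127.0.0.1 as the tutorial does, and the "open" and "closed" ports it checks against are a constructed local listener rather than a real service. A SYN scan cannot be written this way without raw sockets and privileges, which is exactly the point: a connect scan produces a real, accepted connection that the listening application and its logs can see, whereas a SYN scan never finishes the handshake.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """Probe one TCP port the way a connect scan (nmap -sT) does.

    connect() asks the kernel to run the full three-way handshake
    (SYN, SYN/ACK, ACK). Because the handshake completes, the listening
    application sees a genuine accepted connection, which is why connect
    scans show up in service logs. A SYN scan (nmap -sS) sends only the SYN
    and replies to the SYN/ACK with a RST, so no connection is established;
    that needs raw sockets and privileges, which this example does not use.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # SYN/ACK came back and the handshake finished
    except ConnectionRefusedError:
        return "closed"      # target answered with RST: nothing is listening
    except socket.timeout:
        return "filtered"    # no answer at all: something dropped the SYN
    except OSError:
        return "filtered"    # e.g. host unreachable; treat as not answering
    finally:
        sock.close()


def connect_scan(host, ports, timeout=1.0, workers=16):
    """Probe several ports concurrently; returns a dict of port -> state."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def demo():
    """Constructed self-test (not a real service): scan a local listener and a
    bound-but-not-listening port, both on 127.0.0.1 as in the tutorial."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # A socket that is bound but never calls listen(): the port stays reserved
    # (so it cannot be reused as our source port) yet every connection attempt
    # is refused with a RST, giving a port we know will report "closed".
    dormant = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    dormant.bind(("127.0.0.1", 0))
    closed_port = dormant.getsockname()[1]

    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
        dormant.close()
    return {"open_port": open_port, "closed_port": closed_port, "results": results}


if __name__ == "__main__":
    outcome = demo()
    for port, state in sorted(outcome["results"].items()):
        print(f"127.0.0.1:{port} {state}")
```

Running the script prints one line per probed port; the listener's port reports "open" and the reserved port reports "closed". The "filtered" branch is what you see when a host drops probes silently, which is the situation the tutorial's -P0 step is about: Nmap only knows a port was not answered, not whether the host is down.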

14. Now, you'll perform an OS identification. Use the following command:

nmapnt -sT -O 127.0.0.1

NOTE

The -sT option is used for the TCP-connect scan. It is not required because it is considered the
default type of scan. The -O option attempts to perform OS fingerprinting by analyzing the
predictability of the sequence numbers returned from the target device. This option can also add a
considerable amount of time to the scan length. Note that it's not 100% accurate. Use it to get a
general idea of the result returned, but don't rely on it for accuracy.
15. Next, in addition to OS identification, you will perform a service selection scan.

Challenge Question: How accurate is the operating system estimate of the previous step?
