CMIT 265                                Name:__________________________

nmap port scanner

Download and install from: https://nmap.org/download.html
Windows: Latest stable release self-installer: nmap-7.92-setup.exe
Linux and Mac versions available too.

****** OPTIONAL ******************************
To permanently change the PATH variable on your own computer:
Windows 7: Right-click Computer | Properties | Advanced System Settings | Advanced tab | Environment Variables
choose Path in System Variables, Edit, append to the end of it:
    ;C:\Program Files\nmap
(or wherever you put the nmap folder)
The semicolon separates components of the Path.
Restart CMD, check that path is correct.
****** END OPTIONAL ******************************

nmap by itself gives a usage help. Notice there are a lot of options that a network admin or hacker can use.
Zenmap GUI has pre-configured scan profiles. Profiles|Edit gives a description.

Use nmap to do a "ping sweep" of our network to find all the hosts.
    nmap -sn 192.168.100.0/24
Paste the hosts it found: ______________________

Do a port scan of your computer:
(Windows version of nmap can now scan localhost/127.0.0.1/yourIPaddress)
TCP Ports/Services: ________
This is basically the same as doing:
    netstat -a
That doesn't try all ports. This does:
    nmap -p 1-65535 localhost
Found any other listening ports: ______________________

Do a port scan of your neighbor's machine.
    nmap 192.168.100.1xx
TCP Ports/Services: ________
After your neighbor port scans you, compare results. Any differences: __________
The "closed" ports are firewall settings that allow incoming connection requests but don't have a listening server.
The firewall was configured to accept incoming HTTP on ports 80 and 8080. Port 12345 would be for our SimpChatServer.

Do an operating system (-O) detection scan of your neighbor.
What is it running and what are the details: ________________________

Do a UDP (-sU) port scan of your neighbor.
UDP Ports/Services: _________________

What TCP ports on the default gateway (192.168.100.1) are "open": _______________________
What TCP ports are "closed":______
How many ports are "filtered":____________
Based on its MAC address, nmap identifies the manufacturer as:___________
Can your web browser connect to this host at its HTTP port:______
What does your 'services' file say 2869 is the well-known port for:________
The operating system of this router:___________ (use -O option)
What other closed port shows up when this scan is done:_______
Do a UDP (-sU) port scan: _________________________________
(tftp is used by Cisco devices to upload a new version of IOS.)
XP has a tftp client. In Windows 7 you have to turn it on like the telnet client:
Control Panel | Programs and Features | Turn Windows features on and off | TFTP Client
but tftp is non-interactive and insecure, and thus not usable here.

What TCP ports on the Cisco router (192.168.100.198) are open:
(this might take a while, so in another CMD continue with the next task)
_______________________

What TCP ports on the Cisco switch (192.168.100.199) are open: _______________________
So what happens when you connect to its HTTP port: ________________
Blank username, password is 'class'. Limited functionality.
Windows has a 'finger' client. Read its usage and then finger all users on the switch.
Output is similar to what IOS command:________________
UDP scans of the switch and router take a long time, so you don't need to do them.
The switch runs snmp/161. The router runs echo/7, discard/9, chargen/19 and dhcps/67(?!)

What TCP ports on your instructor's computer (192.168.100.1xx) are open: _______________________
The SimpChatServer is identified as what protocol:_________
What UDP ports on your instructor's computer (192.168.100.1xx) are open: _______________________
hmmm, "all" UDP ports are open?
TFTP server is running, download the hello.txt file.
What are its contents: __________________________

What TCP ports on the Netgear NAS toaster (192.168.100.1xx) are open: _______________________
What happens when you point your web browser to there:______________
What UDP ports are open (use the higher-numbered of the two IP addresses the toaster has): ____________________________

What open TCP and UDP ports are on the Linux server 192.168.100.1xx __________________________
What operating system is it running: __________________

Scan 192.168.13.1 (it's in a different network. Our network's default gateway connects to it)
TCP Ports/Services: _______ OS:______
Do a UDP port scan: __________________

Scan 192.168.13.5
TCP Ports/Services: _________
Based on the listening ports, you could guess that this is what kind of device:________

Scan 192.168.50.1, the default gateway two networks away from us.
TCP Ports/Services: _________
Based on the listening ports, you could guess that this is what kind of device:________

Scan 192.168.13.xxx The WAP in ???
TCP Ports/Services: _______ OS:______
Do a UDP port scan: __________________

Scan www.asia.umuc.edu
TCP Ports/Services: ________________________________
UMUC Asia web site is there, so it must be running a web server.
What does the operating system scan report it as:_____________
(In general, don't port scan other people's networks, as it could be taken as a hacker attack.)

******************** SKIP *********************************************
At Foster lab:
    ping 192.168.7.74
Result:__________________
Look at the ARP cache. What manufacturer :__________________
Scan 192.168.7.74 Result:_____________________
Scan 192.168.6.53 which runs various services:
TCP Ports/Services: ______________ What OS is it:____________
Scan 192.168.6.96 which runs various services:
TCP Ports/Services: ______________ What OS is it:____________
******************** END SKIP *********************************************

    nmap --traceroute scanme.nmap.org
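
Added example (not part of the original worksheet): where the "open", "closed" and "filtered" answers in this lab come from, shown with a plain TCP connect() of the kind nmap's -sT scan makes. The names port_state and demo_on_localhost and the localhost demo are constructed for illustration.

```python
import errno
import socket

# ICMP "unreachable" errors mean a device on the path rejected the probe.
_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def port_state(host, port, timeout=3.0):
    """Classify one TCP port by attempting a full connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN/ACK came back: a server is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: reachable, but no listener
    except socket.timeout:
        return "filtered"    # no reply at all: a firewall dropped the probe
    except OSError as e:
        if e.errno in _UNREACHABLE:
            return "filtered"
        raise                # anything else is a local problem, not a state
    finally:
        s.close()


def demo_on_localhost():
    """Constructed demo: the same port with and without a listening server."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_server = port_state("127.0.0.1", port)
    listener.close()                  # server gone, port still reachable
    without_server = port_state("127.0.0.1", port)
    return with_server, without_server


if __name__ == "__main__":
    print(demo_on_localhost())
```

A "filtered" result cannot be produced on loopback without firewall rules, so the demo covers only the open and closed cases.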