Port Scanning Assignment
Created Wednesday 28 October 2020
For this assignment, we will use our SecNet and a little of our bash skills. READ THE QUESTIONS CAREFULLY FIRST, if you don't, you may end up trying things that you don't really need to do, and know that you only need to provide me with answers for the questions in bold. Also, please feel free to try to explore around SecNet and try your own things; but definitely know how to stop running processes if you do.
Log in to your SecNet account and fire up your machine.
First, we will install some tools: The classic network probing program is nmap
sudo apt install nmap
if you're getting weird /var/lib/dpkg...lock messages (ENSURE THAT THE WORD LOCK IS SOMEWHERE IN THERE), know that those are "lock" files, which usually indicate that an install was interrupted or similar. Most often these can be safely deleted, you may get two in a row. But watch your typing (using your tab completion is a good idea) because you will need to do, e.g.
sudo rm /var/lib/dpkg/lock
First, lets just try ourselves. A common way to specify the localhost is via the hostname "localhost" — but I think it's useful to commit 127.0.0.1 to memory. Lets try default.
sudo nmap 127.0.0.1
- What did you get? You may copy and paste your results. You should have gotten at least one "hit." Remembering that in Linux, everything is off by default, please explain in words why you think you got that one hit (or those hits, if you've altered something on your machine?
Alright, let's see what else is out there. We're going to do a basic "ping sweep" — "pinging" a machine is the nice/public way to do things. But first, a few things:
When we specify the machines, we're going to do it like this: 192.168.72.0/24.
- Do a little googling if needed and explain what that "/24" part means.
The following command will ping sweep our SecNet machines, and likely provide a lot of output — in fact, MORE THAN YOU WILL NEED for the following questions, so get ready to use your bash skills to give me what I'm looking for. You will have to modify the following command and/or use additional commands as well.
sudo nmap -sP 192.168.72.0/24
(if things are going slow — try hitting ESCAPE, it will give you some info on how long it will take. This might be a disaster, we will see)
- Provide a list that contains one IP address per line and no other lines (Bonus, give me JUST the IP addresses and nothing else) This is a list of the IPs it found.
- Similarly, Provide a list that contains one MAC address per line and no other lines (Bonus, give me JUST the MAC addresses and nothing else) This is a list of the MACs it found.
You may also use nmap to just target one port.
In class, I mentioned that port 53 is used for DNS. Use nmap to find the DNS server in SecNet. Note that gateways might show port 53 open, but is NOT going to be the thing you're looking for.
(useful flags for nmap here will be
-p (port number)
and
--open
to only return the open ones.
- What is the IP address of the DNS server?
Ooh, this one looks juicy. Let's run a full scan on it. We'll use a stealth scan because it's faster and sneakier.
sudo nmap -sS *IP-ADDRESS*
- Provide the output. Also, pick one of the higher ports and tell me about the service running via some googling. (seriously, I don't even know, let's see what we can find) Any guess as to what operating system this is running?
- Finally, an open-ended assignment: Do one of the following; I recommend the 2nd if possible.
1) Here in SecNet, try out another scanning tool, or different scanning options with nmap. Other tools to try are
- other nmap options.
- masscan - which is supposed to be faster and
- nc - which is netcat. Netcat can do A LOT OF THINGS, as its name implies — it's just "cat" for the files that correspond to open streams and files
https://linuxize.com/post/netcat-nc-command-with-examples/
Any others? let me know!
Poke around SecNet, see what you can find.
2) With nmap or the tools above, try scanning one of your networks that you have legal access to. With your team — see what you can find and provide some information in brief to me. Tell me what you discussed and if anyone in your group learned anything new.
Backlinks: FSU Courses:LIS4774