Nmap LAB EXERCISE
CSEC 640 LAB-1
University of Maryland University College
February 16, 2014
ASSIGNMENT PART A-NMAP
3.3 Lab Questions: Part A
1. What are the services that are running on each host?
Some of the hosts run the services listed below, but not all “3” run the same services.
Domain: Host “3” only
FTP: All hosts
HTTP: All hosts
Microsoft-DS: All hosts
Microsoft-RDP: All hosts
MSRPC: All hosts
MYSQL: All hosts
Netbios-SSN: All hosts
SSH: Host “3” only
Telnet: All hosts
The three diagrams below show the results from the OS Fingerprinting scan.
Figure 1: Host 1 (192.168.100.103)
Figure 2: Host 2 (192.168.100.105)
Figure 3: Host 3 (192.168.100.106)
2. Is Nmap able to identify the operating system running on each system? Is there any Nmap feature that can be used to guess the OS of a host? Explain your answer. Using the ports that are open and the probable services running on those ports, determine what operating systems are running on the devices. Explain your answer.
Nmap was not able to classify the operating system (OS) running on all “3” hosts provided during the exercise. However, Nmap was able to identify the OS running on “Host 1”, as presented in Figure 1: Host 1 (192.168.100.103). Nmap has a feature that is used to guess the OS of a target host. To limit OS detection to promising targets, one can require one open and one closed port by using the --osscan-limit option. With this scan Nmap will attempt a TCP SYN connection to 1000 of the most common ports, as well as an ICMP echo request, to determine if a host is up. On the other hand, if Nmap cannot make a perfect match for an OS, it will guess something that is close, but not 100% exact (Orebaugh & Pinkard, p. 111, 2008). This approach is more aggressive and is called --osscan-guess.
The initial scan determined that “Host 1” was running Microsoft XP SP2 or SP3, validated by the fact that port 445 is open, providing microsoft-ds services. By using the --osscan-guess option as described above, Nmap determined that “Host 3” is running Linux 2.6X-2.4X (96%), as shown in Figure 4 below. When running --osscan-limit and --osscan-guess in Nmap, I was unable to determine the OS of “Host 2” due to the fact that all ports were closed.
Figure 4
3. Which host appears most secure? Least secure?
When running the scans in Nmap, “Host 1” appears to be the least secure of all three hosts in the exercise. This host had the most open ports, and by running a rudimentary scan Nmap was able to disclose the operating system of the host. Host 2 was reasonably secure, because not even an “OS Fingerprinting” scan could disclose much about the system. This scan required the use of more advanced options to reveal what OS “Host 2” was running; inevitably, the results were ballpark answers. In this exercise “Host 3” has been determined to be the most secure, because not even the advanced scanning features of Nmap were able to reveal what OS is running on the host. Of the three hosts in the exercise, “Host 1” had nine open ports, “Host 2” had two open ports, and the most secure, “Host 3”, only exposed one open port.
4. Describe several uses of Nmap.
Nmap (Network Mapper) is an open source tool that is used by network administrators and IT security professionals to scan enterprise networks, looking for live hosts, specific services, or specific operating systems (Orebaugh & Pinkard, p. 34, 2008). Nmap has a variety of features: it can perform basic scans as well as advanced scans with a large number of options, scanning across a huge range of IP address space while logging to specific file types or systems. Nmap has the ability to perform packet fragmentation, TCP scan flags customization, and IP and MAC address...
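The per-host service comparison in questions 1 and 3 can be done mechanically on saved scan output. The following is an added example, not part of the original lab report: it parses Nmap's grepable (-oG) format and reports which services are shared, which are unique to a host, and which host exposes the most open ports. The sample data and function names are constructed for illustration and do not reproduce the lab's results.

```python
import re

# Constructed sample in Nmap's grepable (-oG) format; NOT the lab's actual scan output.
SAMPLE_OG = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.100.103 ()\tStatus: Up\n"
    "Host: 192.168.100.103 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, "
    "135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n"
    "Host: 192.168.100.105 ()\tPorts: 80/open/tcp//http///, 3306/filtered/tcp//mysql///\n"
    "Host: 192.168.100.106 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
)

def parse_grepable(text):
    """Return {host_ip: {port: service}} containing only ports reported as open."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and Status-only lines carry no port list
        open_ports = hosts.setdefault(m.group(1), {})
        for entry in m.group(2).split(","):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                open_ports[int(fields[0])] = fields[4] or "unknown"
    return hosts

def exposure_report(hosts):
    """Return (services on every host, services unique to each host, hosts by open-port count)."""
    per_host = {ip: set(ports.values()) for ip, ports in hosts.items()}
    common = set.intersection(*per_host.values()) if per_host else set()
    unique = {}
    for ip, services in per_host.items():
        elsewhere = set().union(*(s for other, s in per_host.items() if other != ip))
        unique[ip] = sorted(services - elsewhere)
    ranked = sorted(hosts, key=lambda ip: len(hosts[ip]), reverse=True)
    return sorted(common), unique, ranked

if __name__ == "__main__":
    common, unique, ranked = exposure_report(parse_grepable(SAMPLE_OG))
    print("on every host:", common)
    for ip in ranked:
        print(ip, "unique services:", unique[ip])
```

Open-port count is only a rough proxy for exposure; which services are listening matters more than how many.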