CSDF Lab Assignment 1


CYBERSECURITY AND DIGITAL FORENSICS

REG No. – 23BCE7211


LAB – L33+L34
EXPERIMENT – 1

Perform an experiment to demonstrate the use of the Nmap tool for port scanning.

Aim - To perform port scanning using the Nmap tool.

Objective - Students will be able to perform port scanning using the Nmap tool.

Tools required - Nmap software tool.

Theory:
Zenmap is the official graphical user interface (GUI) for the Nmap Security Scanner. It is a
multi-platform, free and open-source application designed to make Nmap easy for
beginners to use while providing advanced features for experienced Nmap users.
Frequently used scans can be saved as profiles to make them easy to run repeatedly. A
command creator allows interactive creation of Nmap command lines. Scan results can be
saved and viewed later. Saved scans can be compared with one another to see how they
differ. The results of recent scans are stored in a searchable database.

Scanning:
Begin Zenmap by typing zenmap in a terminal or by clicking the Zenmap icon in the
desktop environment.
In the “Target” field, enter an IP address or web address, choose the appropriate scan
type from the “Profile” list, and click “Scan”.
One of Zenmap's goals is to make security scanning easy for beginners and for experts.
Running a scan is as simple as typing the target in the “Target” field, selecting the “Intense
scan” profile, and clicking the “Scan” button.

Interpreting Scan Results:


Nmap's output is displayed during and after a scan. This output will be familiar to Nmap
users. Except for Zenmap's color highlighting, this doesn't offer any visualization
advantages over running Nmap in a terminal. However, other parts of Zenmap's interface
interpret and aggregate the terminal output in a way that makes scan results easier to
understand and use.

Scan Results Tabs


Each scan window contains five tabs which each display different aspects of the scan
results. They are: “Nmap Output”, “Ports / Hosts”, “Topology”, “Host Details”, and
“Scans”. Each of these is discussed in this section.

The “Nmap Output” tab

The “Nmap Output” tab is displayed by default when a scan is run. It shows the familiar
Nmap terminal output. The display highlights parts of the output according to their
meaning; for example, open and closed ports are displayed in different colors. Custom
highlights can be configured in zenmap.conf.

Recall that the results of more than one scan may be shown in a window. The drop-down
combo box at the top of the tab allows you to select the scan to display. The “Details”
button brings up a window showing miscellaneous information about the scan, such as
timestamps, command-line options, and the Nmap version number used.

The “Ports/Hosts” tab

The “Ports/Hosts” tab's display differs depending on whether a host or a service is currently
selected. When a host is selected, it shows all the interesting ports on that host, along with
version information when available.

When a service is selected, the “Ports / Hosts” tab shows all the hosts which have that port
open or filtered. This is a good way to quickly answer the question “What computers are
running HTTP?”

The “Topology” tab


The “Topology” tab is an interactive view of the connections between hosts in a network.
Hosts are arranged in concentric rings. Each ring represents an additional network hop
from the center node. Clicking on a node brings it to the center. Because it shows a
representation of the network paths between hosts, the “Topology” tab benefits from the
use of the --traceroute option.

The “Host Details” tab

The “Host Details” tab breaks all the information about a single host into a hierarchical
display. Shown are the host's names and addresses, its state (up or down), and the number
and status of scanned ports. The host's uptime, operating system, OS icon (see the figure
“OS icons”), and other associated details are shown when available. When no exact OS match
is found, the closest matches are displayed. There is also a collapsible text field for storing
a comment about the host which will be saved when the scan is saved to a file (see the
section called “Saving and Loading Scan Results”).

Each host has an icon that provides a very rough “vulnerability” estimate, which is based
solely on the number of open ports.
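
The service view of the “Ports / Hosts” tab and the open-port count behind the “Host Details” estimate icon can both be rebuilt from a saved scan. The Python code below is an added example, not part of the original lab report and not Zenmap's own code; it assumes the scan was saved in Nmap's XML output format, and the sample data and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap's XML output format (documentation addresses, not real results).
SAMPLE_XML = """<nmaprun>
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
  <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
 </ports></host>
 <host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="80"><state state="filtered"/><service name="http"/></port>
  <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
 </ports></host>
 <host><status state="down"/><address addr="192.0.2.30" addrtype="ipv4"/></host>
</nmaprun>"""

LISTED_STATES = {"open", "filtered"}  # states the service view lists


def scanned_ports(xml_text):
    """Yield (address, port, state, service, product) for every port on an 'up' host."""
    for host in ET.fromstring(xml_text).iter("host"):
        status, address = host.find("status"), host.find("address")
        if status is None or status.get("state") != "up" or address is None:
            continue  # ignore hosts that were down or carry no address
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            yield (address.get("addr"), int(port.get("portid")),
                   state.get("state") if state is not None else "unknown",
                   svc.get("name", "unknown") if svc is not None else "unknown",
                   svc.get("product", "") if svc is not None else "")


def hosts_by_service(xml_text):
    """Service name -> sorted (address, port, state, product) rows, open or filtered only."""
    index = defaultdict(list)
    for addr, port, state, name, product in scanned_ports(xml_text):
        if state in LISTED_STATES:
            index[name].append((addr, port, state, product))
    return {name: sorted(rows) for name, rows in index.items()}


def open_port_counts(xml_text):
    """Address -> number of open ports, the only input to the rough estimate icon."""
    counts = defaultdict(int)
    for addr, _port, state, _name, _product in scanned_ports(xml_text):
        counts[addr] += state == "open"
    return dict(counts)
```

Calling `hosts_by_service(SAMPLE_XML)["http"]` answers the “What computers are running HTTP?” question for the sample, and `open_port_counts` shows how little information the estimate icon actually rests on.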

The “Scans” tab

The “Scans” tab shows all the scans that are aggregated to make up the network inventory. From
this tab you can add scans (from a file or directory) and remove scans.

While a scan is executing and not yet complete, its status is “Running”. You may cancel a
running scan by clicking the “Cancel Scan” button.

Demonstration of real-time port scanning using IP addresses

IPv4 Address 1: 140.82.114.4
[Screenshots: Nmap Output, Ports/Hosts, Topology, Host Details]

IPv4 Address 2: 45.114.227.67
[Screenshots: Nmap Output, Ports/Hosts, Topology, Host Details]

IPv4 Address 3: 176.65.150.7
[Screenshots: Nmap Output, Ports/Hosts, Topology, Host Details]

COMPARATIVE ANALYSIS:

| IP Address | Status | Open Ports | Services | OS Detection | Notes |
|---|---|---|---|---|---|
| 140.82.114.4 | Up | 22, 80, 443 | SSH, HAProxy HTTP Proxy | Linux | GitHub server |
| 45.114.227.67 | Up | 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995 | FTP, SSH, SMTP, DNS, HTTP (nginx), POP3, IMAP, IMAPS, POP3S | Linux | Likely CentOS/RedHat |
| 176.65.150.7 | Up | 22, 25, 53, 80, 110, 143 | SSH, SMTP, DNS, HTTP (Apache), POP3, IMAP | Windows | Yandex server |

Conclusion: Successfully performed port scanning on various IP addresses using Zenmap
(NMAP – GUI tool).
