Probing Using Zenmap Gui

Probing Using Zenmap GuiHackers traditionally follow a 5-step approach to look atk out and destroy positioned hosts. The scratch line step in performing an attack is to plan the attack by identifying your target and learning as much as possible about the target. Hackers traditionally perform an initial reconnaissance probing scan to identify IP hosts, open carriages, and services enabled on emcees and workstations. In this lab, students will plan an attack on 172.30.0.0/24 where the VM server levy resides. Using ZenMap GUI, students will then perform a Ping run down or Quick Scan on the targeted IP subnetwork.Lab sagacity Questions AnswersName at least five applications and tools pre-loaded on the Windows 2003 Server Target VM (VM Name WindowsTarget01) and identify whether that application starts as a service on the trunk or must be run manually?Lan routingRun manuallyNatRun manuallyVpnStart as a service goal servicesStart as a serviceStreaming serverRun manuallyWhat was t he DHCP allocated source IP host address for the Student VM, DHCP Server, and IP default gateway router?DHCP allocated the following IP addressesSource IP host address is 192.168.1.6DHCP server address 192.168.1.1Default gateway router address is 192.168.1.1Did the targeted IP hosts answer to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the ping command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?Yes, four ICMP echo-request packets sent when I initiate a ping command from the DOS promptDetails of these packets are as followsPing statistics for 192.168.1.6Packets sent=4, Received=4, Lost=0 (0% loss) gravelly round trip times in milli-secondsMinimum=0ms, Maximum=131ms, Average= 43msIf you ping the WindowsTarget01 VM server and the UbuntuTarget01 VM server, which fields in the ICMP echo-request / echo-replies vary?When I ping the WindowsTarget01 VM server and the UbuntuTarget01 VM server, ICMP echo-re quest / echo-replies of Windows Target01 VM server varies like 8ms, 131ms, 33ms and What is the command line syntax for running an Intense Scan with ZenMap on a target subnet of 172.30.0.0/24?nmap -T4 -A -v 192.30.0.0/24Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those particular scans.Intense Scan want = nmap -T4 -A -vIntense Scan is to comprehensive scan the network and all the computers in the network. The benefit is that you can check all the vulnerabilities in the network where you are connected with.Ping scanCommand = nmap -snPing scan only finds either target/targets are up or not. It does not scan the ports of that particular target/targets.Quick scanCommand = nmap -T4 -FIt is faster than the normal scan because it scans the fewer ports and uses the aggressive timing templateQuick scan plusCommand = nmap -sV -T4 -O -F version-lightIt detects the direct system as well as the version of OS.Quick tracerouteCommand = nmap -sn tracerouteIt does not do the port scanning it just find the intermediate hop where from you can connect with the computer.Regular scanCommand = nmapA basic port scan with no extra options.How many different tests (i.e., scripts) did your Intense Scan definition perform? List them all after reviewing the scan report.It performs the following testsPort ScanningOS contractingVersion detectionNetwork keeptransmission control protocol epoch predictionTrace routeDescribe what from each one of these tests or scripts performs within the ZenMap GUI (Nmap) scan report.Port ScanningA port scan is nearly what its name suggests, a scan of all the ports open upon a system. The way a port-scanner typically works is to attempt to connect to each port upon a host, in turn, and then report the results.For example a scanner could connect toport 1 to see if tcpmux is running.port 7 to see if echo is running.port 22 to see if openssh is available.port 2 5 to see if smtp is available.OS DetectionOne of Nmaps best-known features is remote OS detection apply TCP/IP stackfingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses.Version Detectiondeuce important fields that version detection can discover are operating system and device type. These are also reported on the go Info line. We use two techniques here. One is application exclusivity. If we identify a service as Microsoft Exchange, we know the operating system is Windows since Exchange doesnt run on anything else. The other technique is to persuade more portable applications to divulge the platform information. Many servers (especially nett servers) require very little coaxing. This type of OS detection is intended to complement Nmaps OS detection system (-O) and can sometimes report differing results. For example, consider a Microsoft Exchange server hidden behind a port-forwarding UNIX firewall.Networ k DistanceIt detects how many hops are involved in the way to reach to the targeted computer.TCP sequence predictionNmap sends a couple of resets first to the open port, then sends six packets with just SYN set (the normal method for opening a TCP connection), followed each time with a reset (a TCP header with reset and ACK flags set, which aborts the connection). The sequence numbers in packets sent increase incrementally by one each time this is abnormal behavior but is distinction of sequence number collectors. Nmap collects the initial sequence numbers received from the target and looks for a pattern in the way they are incremented. This is called a TCP sequence prediction.TracerouteNmap does not perform a full trace to every host, so necessarily it must make assumptions about the hops that it has not probed. The first and most fundamental of these is that, in tracing a host, we find an intermediate hop that has already been seen in tracing another host, we may assume that it a nd all it parents hops are shared between the two hosts.How many total IP hosts (not counting Cisco device interfaces) did ZenMap GUI (Nmap) find on the network?deuce (2) up hosts are found in my network.Based on your Nmap scan results and initial reconnaissance probing, what next steps would you perform on the VM server farm and VM workstation targets?In Nmap scanning weve been find the vulnerabilities of network or targeted computer. After the reconnaissance weve to check where weve to enter into the computer for the specific purpose i.e. if we want to check the web services on the targeted computer then weve to enter form the port 80.