Project 6: Analyzing a Port Scan (20 points)

What You Need for This Project

Finding the IP Address of Your Windows Machine

From your Windows desktop, click Start. In the search box, enter CMD and press the Enter key.

In the Command Prompt window, enter the IPCONFIG command and press the Enter key. Several IP addresses appear.

Find the adapter that goes to your LAN. In S214, it's the adapter with an IP address starting with "192.168.1". Make a note of that IP address.

Turning Off the Windows Firewall

From your Windows desktop, click Start. In the search box, enter FIRE.

In the "Control Panel" section of the results, click "Windows Firewall".

On the left side of the "Windows Firewall" box, click "Turn Windows Firewall on or off". Click both of the "Turn off Windows Firewall (not recommended)" buttons, as shown below.

Click the OK button.

Start Your Kali Linux Virtual Machine

Launch your Linux virtual machine. When your machine starts up, log in as root with a password of toor.

Pinging the Windows Machine From the Linux Virtual Machine

At the upper left of your Linux desktop, click the little black square icon to open a Terminal window.

In the Terminal window, after the # prompt, enter this command, replacing the IP address with the IP address of your Windows machine. Then press the Enter key.

ping 192.168.1.101

You should see lines saying "64 bytes from...", indicating that you do have a working network connection between the two machines.

If you don't see replies, you need to troubleshoot your VMware networking. There are tips to guide you through that in Project 2.

When the ping is working properly, type Ctrl+C to stop the pinging.

Installing Zenmap

Kali Linux does not include Zenmap by default. To install it, you need an Internet connection.

On your Kali Linux desktop, in the Terminal window, execute this command:

ping google.com
You should see lines saying "64 bytes from...". Press Ctrl+C to stop the pings.

If you don't see replies, you need to fix your networking before proceeding.

On your Kali Linux desktop, in the Terminal window, execute this command:

apt-get install zenmap -y
This installs Zenmap.

Starting The Wireshark Network Analyzer

On your Kali Linux desktop, in the Terminal window, execute this command:
wireshark
A box pops up warning you that wireshark is running as root. Check the "Don't show this message again" box and click the OK button.

In the Wireshark window, verify that "eth0" is highlighted, as shown below, and click Start.

Starting zenmap

In Kali, click the black square icon at the upper left of the desktop to open a new Terminal window.

In the Terminal window, execute this command:

zenmap

Performing a Ping Sweep of your Network

In the "Profile" box, select "Ping Scan", as shown below.

In the Target box, enter the network address of the network containing both your Kali and Windows machines, followed by the CIDR notation number (usually 24), like this:

192.168.1.0/24
Click Scan.

Nmap pings the whole LAN.

When the sweep completes, you should see a list of the hosts that were found on the left side of the Nmap window, as shown above. The IP addresses and the total number of hosts may be different, but you should detect at least two hosts—your Linux and Windows machines.

Saving a Screen Image

Make sure at least two machines are visible in the left pane of the Zenmap window, as shown above.

Click the taskbar at the bottom of your host Windows 7 desktop, to make the host machine listen to the keyboard, instead of the virtual machine.

Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

On the host machine, not the virtual machine, click Start.

Type mspaint into the Search box and press the Enter key.

Click in the untitled - Paint window, and press Ctrl+V on the keyboard. The desktop appears in the Paint window.

Save the document with the filename "YOUR NAME Proj 6a", replacing "YOUR NAME" with your real name.

Using Wireshark to Analyze the Ping Sweep

In the Wireshark: Capture Window, click Capture, Stop. You should see a lot of ARP requests, as shown below on this page. Because you are scanning your own LAN, Nmap uses ARP broadcasts rather than ICMP packets to find hosts.
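The same ARP pattern can be spotted without reading the capture by eye. The Python sketch below is an added example, not part of the original project: it flags any sender that ARPs for many distinct addresses in a short time. The function name arp_sweep_sources, the thresholds, and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

def arp_sweep_sources(requests, min_targets=20, window_s=5.0):
    """Return {sender_ip: peak_distinct_targets} for senders that sent ARP
    requests for at least min_targets distinct IPs within window_s seconds."""
    by_sender = defaultdict(list)
    for ts, sender, target in requests:
        by_sender[sender].append((ts, target))
    flagged = {}
    for sender, events in by_sender.items():
        events.sort()
        window, in_window, peak = deque(), Counter(), 0
        for ts, target in events:
            window.append((ts, target))
            in_window[target] += 1
            # Drop requests that have aged out of the sliding window.
            while ts - window[0][0] > window_s:
                _, old = window.popleft()
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            flagged[sender] = peak
    return flagged

# Constructed sample: (timestamp_s, sender_ip, target_ip) for ARP requests.
# One host sweeps the /24 (skipping its own address); another only
# refreshes its gateway entry every 30 seconds.
SWEEP = [(i * 0.01, "192.168.1.50", f"192.168.1.{i}")
         for i in range(1, 255) if i != 50]
NORMAL = [(t, "192.168.1.101", "192.168.1.1") for t in (0.0, 30.0, 60.0)]

if __name__ == "__main__":
    for ip, count in arp_sweep_sources(SWEEP + NORMAL).items():
        print(f"{ip} requested {count} distinct addresses: likely ARP sweep")
```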

Performing a Quick Scan of the Windows Machine

In the Zenmap window, enter the IP address of your Windows machine in the Target field.

Select a Profile of "Quick Scan", as shown below on this page.

Click Scan.

When the scan completes, you should see a list of open ports including "135/tcp open", as shown below.

Starting a New Wireshark Capture

In the Wireshark Network Analyzer window, click Capture, Start. If you see a message saying "Save capture file before starting a new capture?", click "Continue without saving".

Performing a Connect Scan of Port 135 only

In the Zenmap window, select a Profile of "Intense scan, all TCP ports".

Notice the Command line. It currently shows this command, as shown below:

nmap -p 1-65535 -T4 -A -v 192.168.119.219

Make these three changes in this line:

Your command should match the image below, except for the IP address:

Click the Scan button.

You should see one line of green text, showing port "135/tcp open", as shown above.

Using Wireshark to Analyze the Connect Scan

In the Wireshark Window, click Capture, Stop.

In the Filter box, type this filter:

tcp.port==135
Press Enter. The Info column should show this pattern of four packets, as shown below:
[SYN]
[SYN, ACK]
[ACK]
[RST, ACK]

This is a complete TCP three-way handshake, followed by a RST to end the session.
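The four-packet pattern can also be recognized programmatically. The Python sketch below is an added example, not part of the original project: it groups packets into flows and labels the connect-scan signature (full handshake, no data, immediate reset from the initiator). It goes slightly beyond the text by also labeling the closed-port and half-open patterns for contrast. The function name classify_flows and the packet tuples are assumptions constructed for illustration.

```python
# Constructed sample: (src_ip, src_port, dst_ip, dst_port, tcp_flags, payload_len)
# in capture order, standing in for rows exported from Wireshark.
PACKETS = [
    ("192.168.1.50", 40001, "192.168.1.101", 135, "S", 0),
    ("192.168.1.101", 135, "192.168.1.50", 40001, "SA", 0),
    ("192.168.1.50", 40001, "192.168.1.101", 135, "A", 0),
    ("192.168.1.50", 40001, "192.168.1.101", 135, "RA", 0),
    ("192.168.1.50", 40002, "192.168.1.101", 136, "S", 0),
    ("192.168.1.101", 136, "192.168.1.50", 40002, "RA", 0),
    ("192.168.1.50", 40003, "192.168.1.101", 445, "S", 0),
    ("192.168.1.101", 445, "192.168.1.50", 40003, "SA", 0),
    ("192.168.1.50", 40003, "192.168.1.101", 445, "R", 0),
]

def classify_flows(packets):
    """Group packets into flows keyed by the initiator's 4-tuple and label each."""
    flows = {}
    for src, sport, dst, dport, flags, plen in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in flows:
            key, direction = fwd, ">"
        elif rev in flows:
            key, direction = rev, "<"
        elif flags == "S":              # a bare SYN starts a new flow
            key, direction = fwd, ">"
            flows[key] = {"seq": [], "data": 0}
        else:
            continue                    # no SYN seen for this flow; skip
        flows[key]["seq"].append(direction + flags)
        flows[key]["data"] += plen
    labels = {}
    for key, f in flows.items():
        seq = f["seq"]
        handshake = seq[:3] == [">S", "<SA", ">A"]
        if handshake and f["data"] == 0 and seq[3:4] in ([">RA"], [">R"]):
            labels[key] = "connect-scan (open port)"
        elif seq[:3] == [">S", "<SA", ">R"]:
            labels[key] = "half-open scan (open port)"
        elif seq[:2] == [">S", "<RA"]:
            labels[key] = "closed port"
        else:
            labels[key] = "other"
    return labels

if __name__ == "__main__":
    for flow, label in classify_flows(PACKETS).items():
        print(flow, "->", label)
```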

Saving a Screen Image

Make sure the four required packets are visible in Wireshark, as shown above.

Click the taskbar at the bottom of your host Windows 7 desktop, to make the host machine listen to the keyboard, instead of the virtual machine.

Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

On the host machine, not the virtual machine, click Start.

Type mspaint into the Search box and press the Enter key.

Click in the untitled - Paint window, and press Ctrl+V on the keyboard. The desktop appears in the Paint window.

Save the document with the filename "YOUR NAME Proj 6b", replacing "YOUR NAME" with your real name.

Turning in Your Project

Email the images to me as attachments to an e-mail message. Send it to: cnit.123@gmail.com with a subject line of "Proj 6 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Last Modified: 3:22 pm 9-12-13