Lab 5 - Network Security - port scanner and network protocol analyzer

Part A: Nmap port scanner

Pre-assignment: Nmap ("Network Mapper") [ http://www.insecure.org/nmap/ ]  is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers, and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL.

Nmap is available for Windows (http://www.nmapwin.org/ ) and Linux.

 Before installing Nmap for Windows, you must first install WinCap (from http://winpcap.polito.it/) to allow for the capture of network packets. This can be done independently or by installing includes nmapwin_1.3.1.exe (http://download.insecure.org/nmap/dist/nmapwin_1.3.1.exe),  which includes Nmap and Winpcap.

Assignment:

• After installing Winpcap and Nmap,
1. double-click on the Nmap icon
2. enter the IP address (131.238.126.147, 131.238.126.158, 131.238.126.214) and press Scan.

Post-assignment:

1. Submit answers to the following questions based on the reports you generated.
1. Which host had the highest number of vulnerabilities? least number of vulnerabilities?
2. What operating systems are running on the three computers?
3. List several services running on each computer?
4. Identify one high severity vulnerability for each computer (if there is one). Describe the vulnerability and discuss control(s) to minimize the risk from the vulnerability.

 

Part B: Ethereal network protocol analyzer

Pre-assignment: Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Ethereal is available for Windows and Linux (http://www.ethereal.com/download.html).

 Before installing Ethereal for Windows, you must first install WinCap (from http://winpcap.polito.it/) to allow for the capture of network packets.

Assignment:

• After installing Ethereal,
1. double-click on the Ethereal icon
2. Pull down the Capture menu and select Start.
3. Allow Ethereal to run for about 30 seconds before pressing the Stop button.
4. Inspect the results.
5. Pull down the tool menus and select Protocol Hierarchy Statistics to see a summary of the packets received.

Post-assignment:

2. Submit answers to the following questions based on the reports you generated.
1. Describe the different types of protocols captured.
2. Which are the most frequent type of packets captured?