Networking Activity
Notes
- YOU MUST USE NMAP AND WIRESHARK ON YOUR RLES VM.
- ONLY NMAP/PACKET SNIFF THE IP ADDRESSES THAT WE SPECIFY.
If you fail to follow these simple directions, you will get flagged, and you will get an angry email from a systems administrator. You may even lose access to your RLES VM or have network access from your account disabled.
Running NMAP on the entire RIT network sounds fun, but it’s disruptive. DO NOT DO IT.
Overview
The purpose of this activity is to give you hands-on experience using NMAP and WireShark, two common networking tools used by penetration testers and malicious attackers.
Setup
This is for groups of 2-3, but you must complete each step individually.
- If you have not already set up a VM in RLES, follow the instructions from the web applications activity.
- Install NMAP on your RLES VM:
- Download the latest stable release installer from nmap.org (under the “Microsoft Windows binaries” section).
- Run the installer and click through the prompts. You do not need to change any of the defaults.
- NOTE: Do not install the USB plugin.
- Install WireShark on your RLES VM:
- Download the latest stable (64-bit) release installer from wireshark.org.
- Run the installer and click through the prompts. You do not need to change any of the defaults.
- Read through the NMAP and WireShark documentation to familiarize yourself with each piece of software.
- Download this GoogleDoc template and fill in the answers as you complete the activity.
Part 1: NMAP
You will be running NMAP on actual RIT IP addresses. Do not use any other IP addresses.
- Run nmap --top-ports 20 192.168.201.11 to discover open ports on 192.168.201.11. Record the open ports in the GoogleDoc.
- Run nmap -A -T4 192.168.201.11 to find out configuration information for 192.168.201.11. Answer the questions in the GoogleDoc.
- Run nmap -Pn --script vuln 192.168.201.11 to discover vulnerabilities on 192.168.201.11. Record the discovered vulnerabilities in the GoogleDoc.
- Compare your findings with your group members.
Part 2: WireShark
- Download the WireShark network trace winserverbasicscan.pcapng and open it in WireShark.
- Do some searching online and find out what ports correspond to the HTTP, HTTPS, POP3, FTP, and Remote Desktop protocols. Write them down in the GoogleDoc.
- Find pairs of packets that correspond to attempts to find open ports for each of the above protocols. Write down the line numbers in the GoogleDoc.
- Determine whether each port is open, closed, or filtered and explain your rationale for making your decision.
- Review the networking slides if you don’t remember how port status is determined.
- Compare your findings with your group members.
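The open/closed/filtered decision in the steps above can be written out as code. The following is an added example, not part of the original activity: it applies the rules nmap documents for a TCP SYN scan to constructed packet summaries. The addresses, port numbers and field names are made up, and it assumes the trace came from a SYN or connect scan and covers the whole scan.

```python
from collections import namedtuple

# Simplified packet summary; field names are hypothetical, not Wireshark's.
# icmp is (type, code, destination port quoted in the ICMP error) or None.
Pkt = namedtuple("Pkt", "no src dst proto sport dport flags icmp")

# ICMP type 3 (destination unreachable) codes nmap's SYN scan reports as "filtered".
FILTERED_ICMP_CODES = {0, 1, 2, 3, 9, 10, 13}

def classify(packets, scanner, target):
    """Return {port: (state, probe packet no, reply packet no or None)}."""
    probes = set()  # (scanner source port, target port) of every SYN probe
    state = {}      # target port -> [state, probe no, reply no]
    for p in packets:
        if p.proto == "tcp" and (p.src, p.dst) == (scanner, target):
            if p.flags == {"SYN"}:  # bare SYN = probe; a retransmit keeps the first no
                probes.add((p.sport, p.dport))
                state.setdefault(p.dport, ["filtered", p.no, None])
        elif p.proto == "tcp" and (p.src, p.dst) == (target, scanner):
            entry = state.get(p.sport)
            if (p.dport, p.sport) not in probes or entry[2] is not None:
                continue  # not an answer to a probe, or port already decided
            if {"SYN", "ACK"} <= p.flags:
                entry[0], entry[2] = "open", p.no    # target accepted the SYN
            elif "RST" in p.flags:
                entry[0], entry[2] = "closed", p.no  # target refused the SYN
        elif p.proto == "icmp" and p.dst == scanner and p.icmp:
            icmp_type, code, quoted_port = p.icmp
            entry = state.get(quoted_port)
            if entry and entry[2] is None and icmp_type == 3 and code in FILTERED_ICMP_CODES:
                entry[2] = p.no  # stays "filtered", now with the ICMP error as evidence
    return {port: tuple(v) for port, v in state.items()}

# Constructed sample trace (documentation addresses, arbitrary ports).
SCANNER, TARGET = "192.0.2.10", "192.0.2.20"
SAMPLE = [
    Pkt(1, SCANNER, TARGET, "tcp", 40000, 8080, {"SYN"}, None),
    Pkt(2, TARGET, SCANNER, "tcp", 8080, 40000, {"SYN", "ACK"}, None),
    Pkt(3, SCANNER, TARGET, "tcp", 40000, 8080, {"RST"}, None),  # scanner tears down
    Pkt(4, SCANNER, TARGET, "tcp", 40001, 8081, {"SYN"}, None),
    Pkt(5, TARGET, SCANNER, "tcp", 8081, 40001, {"RST", "ACK"}, None),
    Pkt(6, SCANNER, TARGET, "tcp", 40002, 8082, {"SYN"}, None),
    Pkt(7, SCANNER, TARGET, "tcp", 40003, 8082, {"SYN"}, None),  # retry, never answered
    Pkt(8, SCANNER, TARGET, "tcp", 40004, 8083, {"SYN"}, None),
    Pkt(9, "192.0.2.1", SCANNER, "icmp", None, None, set(), (3, 13, 8083)),
]

if __name__ == "__main__":
    for port, result in sorted(classify(SAMPLE, SCANNER, TARGET).items()):
        print(port, *result)
```

The packet numbers in each result are the probe/response pair to cite as the rationale; a port with no reply number was classified only by the absence of an answer.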
Time Permitting
If you have extra time:
- Open WireShark and start scanning traffic to/from your VM.
- Repeat Part 1 using 192.168.199.212 and 192.168.192.146. You should see different results for each IP address.
- Take a look at the packets captured by WireShark and see if you can find the packets resulting from your NMAP scans.
Submission
Share your GoogleDoc with your group and the instructor. This activity will not be graded.