Probing Using Zenmap GUI (Nmap)

1.      Lab description

  1. The step-by-step way to perform an attack starts with planning: identifying the target and learning as much as possible about it.
  2. Learn how hackers usually operate, including probing scans to identify IP hosts, open ports, and services enabled on servers and workstations.
  3. Plan an initial reconnaissance and probing attack on the computer.
  4. Use Zenmap GUI (Nmap) to perform an “Intense Scan” on the targeted computer.
  5. Generate a Zenmap GUI (Nmap) port scanning report and submit it as part of the deliverables for this lab.

2.      Procedure

  1. We have to use a program called Zenmap GUI.
  2. Then we type the IP address of the target computer and select Ping scan from the Profile drop-down menu. We use three IP addresses: one is a classmate's, another is Google's, and the last is Tuskegee's.
  3. The scan then returns basic information about host availability and the MAC address.
  4. Select Intense Scan from the Profile drop-down menu and click the Scan button.
  5. Click Scan on the main toolbar and select Save Scan to save the scan results.
  6. Click the Topology tab. This tab provides a fisheye bubble chart of all the IP hosts discovered during the scan.
  7. Adjust the size and fix the orientation.

3.      Topology fisheye bubble chart in PDF format;

4.      Observations

    1. One thing I noticed is that Zenmap can tell the difference between two scans, from the day, time, and type of the scan. This can help a user tell if someone is in their network.
    2. Second, I noticed I can save my scan results, which helps users tell when a user is in their system.
    3. Third, the topology map helps me see what my network looks like from the classmate, Google, and Tuskegee.

5.      Summary and discussion

  1. In general, Zenmap GUI shows the user all ports and services on a host by scanning the system at its IP address. It can also draw a topology map of the networks.
  2. With the intense scan, two scans can be merged together to see if there is any difference between them.
  3. The topology map shows the connections between hosts in a network. When I did the topology map with a classmate, it created one ring for the classmate, which means there is a direct connection between my IP address and my classmate's. Then when I did Google, it created two more, from 10.50.0.1 and 172.16.0.1, and finally made it to Google. This means it takes multiple networks or nodes to get to Google. The same happened with Tuskegee. You can see all ports on the host.
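
The scan comparison mentioned in the observations and summary, as an added example that is not part of the original lab report: a short Python script that diffs two saved scans in Nmap's XML output format and lists the hosts and open ports that appeared or disappeared. The two reports are constructed samples, and the function names `open_ports` and `diff_scans` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports in Nmap's XML output format (not real scan data).
SCAN_OLD = """<nmaprun>
<host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.168.1.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="445"><state state="open"/></port></ports></host></nmaprun>"""
SCAN_NEW = """<nmaprun>
<host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.168.1.30" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/></port></ports></host></nmaprun>"""

def open_ports(xml_text):
    """Return {ipv4: {(protocol, port), ...}} of open ports for hosts reported up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address[@addrtype='ipv4']")
        if status is None or addr is None or status.get("state") != "up":
            continue
        hosts[addr.get("addr")] = {
            (p.get("protocol"), int(p.get("portid")))
            for p in host.iter("port")
            if p.find("state") is not None and p.find("state").get("state") == "open"
        }
    return hosts

def diff_scans(old_xml, new_xml):
    """List (change, ip, port) tuples describing what differs between two scans."""
    old, new = open_ports(old_xml), open_ports(new_xml)
    changes = []
    for ip in sorted(set(old) | set(new)):
        if ip not in new:
            changes.append(("host gone", ip, None))
            continue
        if ip not in old:
            changes.append(("host appeared", ip, None))
        before = old.get(ip, set())
        changes += [("port opened", ip, p) for p in sorted(new[ip] - before)]
        changes += [("port closed", ip, p) for p in sorted(before - new[ip])]
    return changes

if __name__ == "__main__":
    for change in diff_scans(SCAN_OLD, SCAN_NEW):
        print(change)
```

A host or port that shows up only in the newer scan is the kind of change worth checking against what is expected to be on the network.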
