1 An attacker has discovered a vulnerable computer with the

1. An attacker has discovered a vulnerable computer with the IP address 192.168.201.10. What tool might the attacker use to determine if there are other vulnerable computers on the network, and what command would the attacker use?

2. What Nmap option would you use if you wanted to perform a TCP port scan?

3. How would you use Nmap to perform a TCP port scan on a computer with the IP address 192.168.220.101?

4. At the command line, type nmap. What option can you use to perform a UDP port scan? A TCP SYN stealth port scan?

Solution

2) Use can use

a)-sT (TCP connect scan)

nmap -sT 192.168.201.10

It used when SYN scan option is not available i.e. when a user doesn’t have raw packet privileges.

In this NMAP ask OS to establish a connection with a target machine by using connect system call. It is like high level system call that a web browsers/psp clients/any network enabled application uses to establish connection. Nmap uses API (Berkeley Sockets API) to obtain information instead of read raw packets.

b) -sS (TCP SYN scan)

nmap –sS 192.168.201.10

It is better option than –sS , as Nmap has more control with raw packets ,as compare to high level connect call.

It can quickly scan thousands of ports per seconds. As it never completes TCP connections it is

3)

nmap –sS 192.168.201.10

or

nmap -sT 192.168.201.10

4)

a) –sU option available for UDP port scan

nmap -sU -p 192.168.201.10

b) –sS command is used for SYN stealth port scan.

nmap –sS 192.168.201.10