LAB 1 NMAP Exercise Answers
Nmap LAB EXERCISE
CSEC 640 LAB-1
University of Maryland University College
B-McDerm
February 16, 2014
ASSIGNMENT PART A-NMAP
3.3 Lab Questions: Part A
1. What are the services that are running on each host?
Some of the hosts include the following services below, but not all “3” include the same services.
Domain: Host “3” only
FTP: All Host’s
HTTP: All Host’s
Microsoft-DS: All Host’s
Microsoft-RDP: All Host’s
MSRPC: All Host’s
MYSQL: All Host’s
Netbios-SSN: All Host’s
SSH: Host “3” only
Talent: All Host’s
The three diagrams below show the results from the OS Fingerprinting scan.
Figure 1: Host 1 (192.168.100.103)
Figure 2: Host 2 (192.168.100.105)
Figure 3: Host 3 (192.168.100.106)
2. Is Nmap able to identify the operating system running on each system? Is there any Nmap feature that can be used to guess the OS of a host? Explain your answer. Using the ports that are open and the probable services running on those ports, determine what operating systems are running on the devices. Explain your answer.
Nmap was not able to classify the operating system (OS) running on all “3” hosts provided during the exercise. However, Nmap was able to identify and determine the OS running on “Host 1” as presented in Figure 1: Host 1 (192.168.100.103). Located in Nmap there is an attribute which is used to conjecture the OS of a target host. If an individual decides to limit the OS detection to the targets, one can use one open and one closed port by using the (osscan-limit) feature command. With this scan Nmap will attempt a (TCP-SYN) connection to 1000 of the most common ports as well as an ICMP echo request to determine if a host if up. On the other hand if Nmap cannot make a perfect match for an OS it will guess something that is close, but not 100% exact (Orebaugh & Pinkard, pp. 111, 2008). This approach is more aggressive and is called (osscan-guess).
The initial scan determined that “Host 1” was
CSEC 640 LAB-1
University of Maryland University College
B-McDerm
February 16, 2014
ASSIGNMENT PART A-NMAP
3.3 Lab Questions: Part A
1. What are the services that are running on each host?
Some of the hosts include the following services below, but not all “3” include the same services.
Domain: Host “3” only
FTP: All Host’s
HTTP: All Host’s
Microsoft-DS: All Host’s
Microsoft-RDP: All Host’s
MSRPC: All Host’s
MYSQL: All Host’s
Netbios-SSN: All Host’s
SSH: Host “3” only
Talent: All Host’s
The three diagrams below show the results from the OS Fingerprinting scan.
Figure 1: Host 1 (192.168.100.103)
Figure 2: Host 2 (192.168.100.105)
Figure 3: Host 3 (192.168.100.106)
2. Is Nmap able to identify the operating system running on each system? Is there any Nmap feature that can be used to guess the OS of a host? Explain your answer. Using the ports that are open and the probable services running on those ports, determine what operating systems are running on the devices. Explain your answer.
Nmap was not able to classify the operating system (OS) running on all “3” hosts provided during the exercise. However, Nmap was able to identify and determine the OS running on “Host 1” as presented in Figure 1: Host 1 (192.168.100.103). Located in Nmap there is an attribute which is used to conjecture the OS of a target host. If an individual decides to limit the OS detection to the targets, one can use one open and one closed port by using the (osscan-limit) feature command. With this scan Nmap will attempt a (TCP-SYN) connection to 1000 of the most common ports as well as an ICMP echo request to determine if a host if up. On the other hand if Nmap cannot make a perfect match for an OS it will guess something that is close, but not 100% exact (Orebaugh & Pinkard, pp. 111, 2008). This approach is more aggressive and is called (osscan-guess).
The initial scan determined that “Host 1” was