Reconnaissance and Probing Using Zenmap

Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you planned an attack on where the VM server farm resides, and used the Zenmap GUI to perform an “Intense Scan” on the targeted IP subnetwork.

Lab Assessment Questions & Answers
1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually.

Windows application loaded | Starts as service (Y/N)
1. tftpd32 | ☐ Yes ☐ No
2. FileZilla | ☐ Yes ☐ No
3. Wireshark | ☐ Yes ☐ No
4. Nessus | ☐ Yes ☐ No
5. NetWitness Investigator | ☐ Yes ☐ No


Lab #1 | Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)

2. What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2, and the IP default gateway router?
TargetWindows01 Server – Source IP =
TargetUbuntu01 Server – Source IP =
TargetUbuntu02 Server – Source IP =
The Default Gateway IP is =

3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
Yes, the targeted IP host responded back with 4 echo-replies.

4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of
The fields that vary are the Time To Live (TTL) fields. For TargetUbuntu01 it’s 64 and for TargetWindows01 it’s 128.

5. Name at least five different scans that may be performed from the Zenmap GUI. Document under what circumstances you would choose to run those particular scans.
The syntax for an Intense Scan in Zenmap is as follows: nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389

Assessment Worksheet
6. How many different tests (i.e., scripts) did your “Intense Scan” definition perform? List them all after reviewing the scan report.
ZenMap GUI (Nmap) Learning Objectives and Outcomes: Upon completing this lab, students will be able to perform the following tasks: obtain, access, and copy the Virtual Machines (server farm and workstations) needed for this course onto your removable hard drive; use VMware Player to enable and power up the VMs (server farm and workstations)…

7. Describe what each of these tests or scripts performs within the Zenmap GUI (Nmap) scan report.

8. How many total IP hosts (not counting Cisco device interfaces) did Zenmap GUI (Nmap) find on the


9. Based on your Nmap scan results and initial reconnaissance and probing, what next steps would you perform on the VSCL target machines?

xzhaedria tucker