
Assessing The Network With Common Security Tools 3e - Merabi Takashvili

The document describes the results of a network assessment lab where the student captured network information like IP configurations, ARP caches, port scans and traffic using tools like ipconfig, arp, nmap and Wireshark. The document outlines the steps taken and includes screenshots of the results.

Assessing the Network with Common Security Tools (3e)

Network Security, Firewalls, and VPNs, Third Edition - Lab 01

Student: Merabi Takashvili
Email: [email protected]

Time on Task: 6 hours, 42 minutes
Progress: 100%

Report Generated: Sunday, March 17, 2024 at 8:47 AM

Section 1: Hands-On Demonstration


Part 1: Explore the Local Area Network

4. Make a screen capture showing the ipconfig results for the Student adapter on the
vWorkstation.


7. Make a screen capture showing the ipconfig results for the Student adapter on
TargetWindows01.

15. Make a screen capture showing the updated ARP cache on the vWorkstation.


19. Make a screen capture showing the completed LAN tab of the Network Assessment
spreadsheet.

Part 2: Analyze Network Traffic

9. Make a screen capture showing the ICMP filtered results in Wireshark.


12. Make a screen capture showing the ARP filtered results in Wireshark.


18. Compare the Regular scan results for ICMP and ARP traffic with the results from the Ping
scan.

Intense Scan:

Purpose: An Intense scan is a comprehensive scan that checks a wide range of ports on a target system.
Method: It sends probes to each port to determine whether the port is open, closed, or filtered, which helps identify potential vulnerabilities.
Advantages: Provides detailed information about open ports, services running on those ports, and potential security issues.
Disadvantages: Can be resource-intensive and might trigger intrusion detection systems or firewalls due to its aggressive nature.

Ping Scan:

Purpose: A Ping scan, also known as an ICMP Echo scan, determines which hosts are online by sending ICMP Echo Request packets.
Method: It sends ICMP Echo Request packets to the target hosts and waits for ICMP Echo Reply packets to determine if the hosts are online.
Advantages: Quick and efficient at identifying live hosts on the network.
Disadvantages: Limited in scope; it doesn't provide information about open ports or potential vulnerabilities.

Comparison:

Scope: The Intense scan provides detailed information about open ports and potential vulnerabilities, while the Ping scan only identifies live hosts.
Resource Usage: The Ping scan is less resource-intensive compared to the Intense scan, which can consume more system resources and time.
Purpose: The Intense scan is used for thorough vulnerability assessment and penetration testing, whereas the Ping scan is primarily used for network reconnaissance to identify live hosts.
Speed: Ping scans are generally faster since they only check for live hosts, while Intense scans take longer due to the comprehensive port scanning and vulnerability checks.


24. Compare the Intense scan results with the results from the Ping scan.

Intense Scan:

Purpose: An Intense scan is a comprehensive scan that checks a wide range of ports on a target system.
Method: It sends probes to each port to determine whether the port is open, closed, or filtered, which helps identify potential vulnerabilities.
Advantages: Provides detailed information about open ports, services running on those ports, and potential security issues.
Disadvantages: Can be resource-intensive and might trigger intrusion detection systems or firewalls due to its aggressive nature.

Ping Scan:

Purpose: A Ping scan, also known as an ICMP Echo scan, determines which hosts are online by sending ICMP Echo Request packets.
Method: It sends ICMP Echo Request packets to the target hosts and waits for ICMP Echo Reply packets to determine if the hosts are online.
Advantages: Quick and efficient at identifying live hosts on the network.
Disadvantages: Limited in scope; it doesn't provide information about open ports or potential vulnerabilities.

Comparison:

Scope: The Intense scan provides detailed information about open ports and potential vulnerabilities, while the Ping scan only identifies live hosts.
Resource Usage: The Ping scan is less resource-intensive compared to the Intense scan, which can consume more system resources and time.
Purpose: The Intense scan is used for thorough vulnerability assessment and penetration testing, whereas the Ping scan is primarily used for network reconnaissance to identify live hosts.
Speed: Ping scans are generally faster since they only check for live hosts, while Intense scans take longer due to the comprehensive port scanning and vulnerability checks.


28. Make a screen capture showing the contents of the Ports/Hosts tab.


Section 2: Applied Learning


Part 1: Explore the Wide Area Network

6. Make a screen capture showing the ifconfig results on AttackLinux01.


12. Make a screen capture showing the ipconfig results on RemoteWindows01.

18. Make a screen capture showing the updated ARP cache on RemoteWindows01.


22. Make a screen capture showing the completed WAN tab of the Network Assessment
spreadsheet.

Part 2: Analyze Network Traffic

9. Make a screen capture showing tcpdump echo back the captured packets.


12. Make a screen capture showing the attempted three-way handshake in tcpdump.


17. Make a screen capture showing the results of the get command.


Section 3: Challenge and Analysis


Part 1: Explore the DMZ
Make a screen capture showing the completed DMZ tab of the Network Assessment spreadsheet.

Part 2: Perform Reconnaissance on the Firewall


Briefly summarize and analyze your findings in a technical memo to your boss.

UDP Traffic:

UDP packets are being sent from 10.0.1.3 to 202.20.1.1 on various destination ports (1233, 1234, 1235, etc.). The packets have varying lengths.

DNS Traffic:

DNS packets are being sent from 10.0.1.3 to 202.20.1.1 on port 53. The packets have an invalid format, indicated by the message [length 0

ICMP Traffic:

ICMP echo request and echo reply packets are exchanged between 10.0.1.3 and 202.20.1.1. These packets are part of a ping (echo request and reply) communication between the two hosts.

From this output, we can conclude that there is UDP, DNS, and ICMP traffic being sent to the firewall (202.20.1.1). The DNS packets appear to be malformed, which may indicate some issue with DNS communication

Open ports are 22 and 80.
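
The memo's grouping of the capture into UDP, DNS and ICMP traffic involving the firewall can be reproduced from saved tcpdump text. The Python below is an added example, not part of the original lab report; it assumes IPv4 output from `tcpdump -n`, and the sample lines and function names are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -n` text style; not the lab's actual capture.
SAMPLE = """\
08:41:02.100001 IP 10.0.1.3.40001 > 202.20.1.1.1233: UDP, length 12
08:41:02.200001 IP 10.0.1.3.40001 > 202.20.1.1.1234: UDP, length 40
08:41:02.300001 IP 10.0.1.3.40001 > 202.20.1.1.1235: UDP, length 7
08:41:03.100001 IP 10.0.1.3.40002 > 202.20.1.1.53: domain [length 0 < 12] (invalid)
08:41:04.100001 IP 10.0.1.3 > 202.20.1.1: ICMP echo request, id 7, seq 1, length 64
08:41:04.100301 IP 202.20.1.1 > 10.0.1.3: ICMP echo reply, id 7, seq 1, length 64
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' into (ip, port); ICMP endpoints carry no port."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def longest_run(ports):
    """Length of the longest run of consecutive port numbers."""
    best = run = 0
    ports = sorted(set(ports))
    for i, p in enumerate(ports):
        run = run + 1 if i and p == ports[i - 1] + 1 else 1
        best = max(best, run)
    return best

def summarise(text, firewall):
    """Group traffic involving the firewall the way the memo does."""
    s = {"udp_ports": [], "udp_lengths": set(), "dns": 0,
         "dns_malformed": 0, "echo_request": 0, "echo_reply": 0}
    for line in text.splitlines():
        if not (m := LINE.match(line)):
            continue
        (src, _), (dst, dport), rest = split_endpoint(m[1]), split_endpoint(m[2]), m[3]
        icmp = re.match(r"ICMP echo (request|reply)", rest)
        if icmp and firewall in (src, dst):
            s["echo_" + icmp[1]] += 1
        elif dst == firewall and dport == 53:
            s["dns"] += 1
            s["dns_malformed"] += "[length 0" in rest  # marker quoted in the memo
        elif dst == firewall and rest.startswith("UDP") and (lm := re.search(r"length (\d+)$", rest)):
            s["udp_ports"].append(dport)
            s["udp_lengths"].add(int(lm[1]))
    return {**s, "udp_port_run": longest_run(s["udp_ports"])}
```

Calling `summarise(SAMPLE, "202.20.1.1")` returns the per-protocol counts plus the longest run of consecutive UDP destination ports, which is the pattern the memo's port list (1233, 1234, 1235) shows.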
