
Lab 1

Wireshark, NetWitness, OpenVAS, FileZilla, Tftpd64, PuTTY, and Zenmap are applications and tools used in the lab. Promiscuous mode allows an application to listen to all network traffic on a given subnet or VLAN. Wireshark captures live packet-level traffic while NetWitness provides an aggregated overview of previously captured traffic to spot anomalies, compliance issues, and attacks. It is important for Wireshark to select the student interface to see only the relevant lab traffic. Zenmap's "nmap -T4 -A -v 172.30.0.0/24" command performs an Intense Scan on the given subnet. The Int

Uploaded by

MahlikBrown
Copyright: © All Rights Reserved

Davonte Brown

Lab #1

1. Name at least five applications and tools used in the lab.

Introduction: Wireshark, NetWitness, OpenVAS, FileZilla, Tftpd64, PuTTY, Zenmap

2. What is promiscuous mode?

Part 1, Step 4: Promiscuous mode allows an application to listen to all traffic on a
given subnet or VLAN.

3. How does Wireshark differ from NetWitness Investigator?

Part 1, Steps 2 and 14: Wireshark captures live traffic and displays results at the
packet level. NetWitness Investigator provides an aggregated overview of previously
captured traffic which can be used to spot anomalies, compliance issues, and attacks.

4. Why is it important to select the student interface in Wireshark?

Part 1, Step 3: To select the student lab environment. Choosing the Public network
will prevent Wireshark from seeing traffic that is related to the lab.

5. What is the command line syntax for running an Intense Scan with Zenmap on a target
subnet of 172.30.0.0/24?

Figure 16: nmap -T4 -A -v 172.30.0.0/24

6. Name at least five different scans that may be performed with Zenmap.

Part 3, Step 4: Intense scan, Intense scan plus UDP, Intense scan all TCP ports,
Intense scan no ping, Ping scan, Quick Scan, Quick Scan Plus, Quick Traceroute,
Regular Scan, Slow comprehensive scan

7. How many different tests (i.e., scripts) did your Intense Scan perform?

Part 3, Step 8: Ping (or ARP Ping), TCP Port Scan (SYN Stealth), Service Scan,
Operating System Detection (OS detection), and Traceroute.

8. Based on your interpretation of the Intense Scan, describe the purpose/results of each test
script performed during the report.

Part 3, Step 8:
ARP Ping: Discovers how many hosts are alive
TCP Port Scan: Identifies open TCP ports
Service Scan: Looks for fingerprints of known services by testing responses to certain types of packets
Remote Operating System Scan: Fingerprints the remote OS by testing responses to certain types of packets
Traceroute: Discovers the IP path to the remote system

9. How many total IP hosts did Zenmap find on the network?

Part 3, Step 11: Six hosts: 172.30.0.1, 172.30.0.2, 172.30.0.7, 172.30.0.10,
172.30.0.11, 172.30.0.200
