Task 2 → Introduction
What networking constructs are used to direct traffic to the right application on a server?
How many of these are available on any network-enabled computer?
[Research] How many of these are considered “well-known”? (These are the “standard” numbers mentioned in the task)
Task 3 → Nmap Switches
What is the first switch listed in the help menu for a ‘Syn Scan’ (more on this later!)?
Which switch would you use for a “UDP scan”?
If you wanted to detect which operating system the target is running on, which switch would you use?
Nmap provides a switch to detect the version of the services running on the target. What is this switch?
The default output provided by nmap often does not provide enough information for a pentester. How would you increase the verbosity?
Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?
What switch would you use to save the nmap results in three major formats?
What switch would you use to save the nmap results in a “normal” format?
A very useful output format: how would you save results in a “grepable” format?
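The “grepable” (-oG) format is the one you would feed to a script when building an asset inventory from a scan. The following is an added example, not part of the original write-up: a small parser for that format, run against a constructed sample of -oG output (not a real scan). It assumes the documented field layout of the “Ports:” entry, port/state/protocol/owner/service/rpc/version/, with literal slashes inside a field escaped by nmap as “|”.

```python
from typing import Dict, List, Set

# Constructed sample of nmap -oG output (not from a real scan). Fields on a
# "Host:" line are tab-separated; each "Ports:" entry is
# port/state/protocol/owner/service/rpc/version/
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated as: nmap -sS -sV -p- -oG scan.gnmap 10.0.0.0/29
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (65532)
Host: 10.0.0.6 ()\tStatus: Down
# Nmap done -- 2 IP addresses (1 host up) scanned
"""


def parse_gnmap(text: str) -> Dict[str, List[dict]]:
    """Return {host: [ {port, state, proto, service, version}, ... ]}.

    Only hosts that carry a "Ports:" field are returned; status-only lines
    (Up/Down) and the "# Nmap ..." header/footer comments are skipped.
    """
    results: Dict[str, List[dict]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]          # "10.0.0.5 ()" -> "10.0.0.5"
        if "Ports" not in fields:
            continue
        entries = []
        for entry in fields["Ports"].split(", "):
            # Trailing "/" yields an extra empty element, absorbed by *_
            port, state, proto, _owner, service, _rpc, version, *_ = entry.split("/")
            entries.append({"port": int(port), "state": state, "proto": proto,
                            "service": service, "version": version})
        results[host] = entries
    return results


def open_ports(parsed: Dict[str, List[dict]], host: str) -> List[int]:
    """Sorted list of ports reported as open on one host."""
    return sorted(e["port"] for e in parsed.get(host, []) if e["state"] == "open")


def version_inventory(parsed: Dict[str, List[dict]]) -> Dict[str, Set[str]]:
    """Map 'service version' strings to the hosts exposing them (for patch tracking)."""
    inv: Dict[str, Set[str]] = {}
    for host, entries in parsed.items():
        for e in entries:
            if e["state"] == "open" and e["version"]:
                inv.setdefault(f'{e["service"]} {e["version"]}', set()).add(host)
    return inv
```

Version strings are only present when the scan was run with -sV, so the inventory is empty for a plain -sS/-oG run.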
Sometimes the results we’re getting just aren’t enough. If we don’t care about how loud we are, we can enable “aggressive” mode. This is a shorthand switch that activates service detection, operating system detection, a traceroute and common script scanning.
How would you activate this setting?
Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!
How would you set the timing template to level 5?
We can also choose which port(s) to scan.
How would you tell nmap to only scan port 80?
How would you tell nmap to scan ports 1000–1500?
A very useful option that should not be ignored:
How would you tell nmap to scan all ports?
How would you activate a script from the nmap scripting library (lots more on this later!)?
“--script”
How would you activate all of the scripts in the “vuln” category?
“--script=vuln”
Task 5 → TCP Connect Scan
Which RFC defines the appropriate behaviour for the TCP protocol?
If a port is closed, which flag should the server send back to indicate this?
Task 6 → SYN Scan
There are two other names for a SYN scan, what are they?
Can Nmap use a SYN scan without Sudo permissions (Y/N)?
Task 7 → UDP Scan
If a UDP port doesn’t respond to an Nmap scan, what will it be marked as?
When a UDP port is closed, by convention the target should send back a “port unreachable” message. Which protocol would it use to do so?
I will see you in part 2. See you!