Lab 3
- What are the IP addresses of all machines on the subnet? How many are there (if you think you've found them all, e-mail me to confirm rather than wasting your time looking for more since there really aren't that many)?
Answer: 192.168.33.2, 192.168.33.80, 192.168.33.22, 192.168.33.40
- What kind of BSD distribution is the BSD server running (e.g., OpenBSD? FreeBSD? NetBSD?)? Can you tell me the exact version?
Answer: Running (JUST GUESSING) : FreeBSD 5.x|6.X (89%)
Aggressive OS guesses: FreeBSD 5.4 or 5.5 (x86) (89%), FreeBSD 6.1-RELEASE through 6.2-BETA3 (x86) (88%), FreeNAS 0.671 (runs FreeBSD 6.1-STABLE) (87%)
- What other ports is the web server listening on besides the HTTP port 80? What else can you tell me about the web server?
Answer: Discovered open port 80/tcp on 192.168.33.80
Discovered open port 22/tcp on 192.168.33.80
- Are there any other machines on the subnet besides these two servers? What can you tell me about that/those machine/machines and the firewall rules that protect it/them? Is it likely intended to be a server or a client?
Answer:
Nmap information:
Different scan types are available for different machines, firewall rules, etc. The default scan is the SYN scan (also known as a half-open scan). It sends a SYN packet to the port and listens for the reply: a SYN/ACK indicates an open port, and a RST indicates a closed port.
Other scan types can be used where SYN doesn't work, including NULL, FIN, XMAS, and ACK, along with other types. The NULL scan sets no flag bits in the TCP header. The FIN scan sets only the TCP FIN bit. The XMAS scan sets the FIN, PSH, and URG bits in the TCP header.
Adding the -O -v options lets Nmap try to determine the OS type of the machine you are scanning. With these options, Nmap displays the Fingerprint (type of device, e.g. printer, router), Running (OS family and generation), OS details, Uptime guess, etc., which are used to determine or guess the OS in question.
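The flag combinations described above, seen from the monitoring side: this is an added Python example, not part of the original lab write-up, that reads the flag byte of a raw TCP header, names the probe type it matches, and interprets the reply to a SYN probe. The function names and the sample segments are constructed for illustration.

```python
import struct
from collections import Counter

# TCP flag bits, as found in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (seq, ack, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def tcp_flags(header):
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def classify_probe(flags):
    """Name the scan type whose probe carries exactly these flags."""
    exact = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS", SYN: "SYN", ACK: "ACK"}
    return exact.get(flags, "other")

def port_state_from_reply(flags):
    """Read the reply to a SYN probe: SYN/ACK means open, RST means closed."""
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unknown"

def anomalous_probes(headers):
    """Count inbound segments whose flags match NULL, FIN or XMAS probes.

    Bare SYN and ACK segments are left out because ordinary connections
    produce them too; they need rate or port-spread context to judge.
    """
    kinds = (classify_probe(tcp_flags(h)) for h in headers)
    return Counter(k for k in kinds if k in ("NULL", "FIN", "XMAS"))

# Constructed sample traffic toward port 22 (not captured from the lab network)
SAMPLE = [
    make_header(40001, 22, 0),                # NULL probe
    make_header(40002, 22, FIN),              # FIN probe
    make_header(40003, 22, FIN | PSH | URG),  # XMAS probe
    make_header(40004, 22, SYN),              # SYN probe or normal connect
    make_header(40005, 22, FIN | ACK),        # normal connection teardown
]

if __name__ == "__main__":
    print(dict(anomalous_probes(SAMPLE)))
    print(port_state_from_reply(SYN | ACK), port_state_from_reply(RST | ACK))
```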
Here are some example commands I have used for this Lab:
nmap -n --scan-delay 1 -vvv -A -PN -p22 -sT 192.168.33.2 -oG output.txt
sudo nmap -sV -O -v 192.168.33.2
sudo nmap -O -v 192.168.33.80
(References - http://nmap.org/book/man.html; http://www.cyberciti.biz/tips/linux-scanning-network-for-open-ports.html)