Run a Network Scan Using Nmap

You will understand how to execute, save, and analyze a Nmap scan using Zenmap in a Microsoft Windows Server 2016 and Active Directory server. Then you will switch to a Linux client on the network and turn off a network service on the machine. You will redo the Nmap scan on Zenmap and compare the first and second scans, identifying changes.

This lab will guide beginners who have worked on a Windows operating system and have a rudimentary understanding of how computers use ports to handle network communications. Learners will complete the lab within a full forty-five-minute sitting, without pausing and saving work in the middle. Lab set-up consists of two consoles, the virtual Windows server and a Linux virtual machine.

Network Mapper (Nmap) describes a standard, open-source tool that Cyber Defense Infrastructure Support Specialists and Multi-Disciplined Language Analysts use to view what network communications flow to and from computer ports and their open or closed state. The use of the NMap application detects security vulnerabilities and targeted network characteristics. NMap scans each port identifying hosts and their operating system (OS) and version. At the end of the Nmap scan, a network administrator, system administrator, or security expert knows about network activity, OS updates needed, and where open and closed ports exist.

Understanding the Scenario:

You are a system administrator for a company that uses servers that run Windows Server and servers that run Linux. You need to scan the network to identify running hosts and services that might contain vulnerabilities. First, you use the free Nmap tool to scan the network. Next, you save and analyze the scan results. Finally, you make network service changes, run a second network scan, and compare the two scans to identify the differences.

Perform a Network Scan Using Nmap:

This lab section has you run an “intense” scan, a default Nmap configuration, of a Contoso subnet and save the results, using Nmap through the Zemap graphical user interface (GUI). Instructions relay how to enter a subnet into the target and choose a scan profile. You can customize Nmap to scan through creating or editing a profile. The intense Nmap scan takes a couple of minutes to complete as it sends internet protocol (IP) packets, to the most common transmission control protocol (TCP) ports. Results appear in the Nmap output screen, and you learn how to tell when the scan has finished.

Analyze the Nmap Scan Results:

You learn how to read the Nmap scan’s output. First, you identify your Linux host and its OS. Then you look for the Windows host and its OS. Finally, you switch to the services tab and find a HTTP web server on the network. By the end of this section, you know how to navigate the scan’s output and analyze the details shown on Zenmap.

Run a Network Scan After Disabling SSH:

This lab exercise teaches you how to use the compare results tool. First, you log into a Linux host and turn off the secure shell (SSH) service. Then you run the second Nmap scan using Zenmap on the Windows machine. After it finishes, you compare the second scan with the one taken in the first exercise. You learn that upon comparing scans, a red highlight or a symbol at the beginning of the line shows that a previous active service is now inactive.

Summary:

You have learned, from this lab, how to use Nmap to scan TCP ports using Windows Zenmap, mastering the following:

• Performing default network scans for devices and services.
• Saving and analyzing Nmap scan results.
• Comparing separate Nmap scan outputs to identify changes on the network.

Also, through using Nmap in this lab, you know network characteristics, and a better understanding of network and system vulnerabilities, so you can identify and manage network security risks.