2. Performing Reconnaissance and Probing Using Common Tools (2015)
Juanita M. McConnell
Computer Network Systems
ITT Technical Institute, Philadelphia, PA 19106
Contact:
JMcConnell152@email.itt-tech.edu
3. Cybercriminals and hackers have a great advantage over Information Technology (IT) professionals specializing in security. Unlike IT security experts, hackers do not need to study networks and networking protocols in great depth. They typically need only one clean attack on a network to do damage, i.e. one vulnerability, or knowledge of one tool that attacks specific vulnerabilities.
Approximately every two years, IT routinely changes to prevent attacks and improve manageability. Patches and updates are applied to computer hardware and software on a seemingly daily or weekly basis. IT is a field that will forever be in development mode. This adversity does not stop thousands of workers from entering the field each year. Similar to police officers, medical professionals, and especially the military, who combat hardships on a defensive front every day, IT experts are committed to protecting liberty, prosperity and assets in our technological world.
4. When cybercriminals and hackers attempt to attack a network, they engage in what can be described as a 5-step method:
• Reconnaissance – Choosing or identifying a target and gathering any available information.
• Scanning – Using tools to scan a network and monitoring the connection.
• Vulnerability Analysis – Preparing for the attack: the when, the where, the how and what is to be gained.
• Exploitation – The actual attack.
• Post-Activities – Gathering and/or distributing data or assets, or preparing for additional harmful attacks such as a backdoor to a system.
5. Focus
The focus of this project is Reconnaissance. Reconnaissance is the process in which hackers identify a target and acquire any and all information about the target. They will scan a network to identify Internet Protocol (IP) hosts, open ports, and services enabled on servers and workstations.
In this project, I identify several common programs that hackers use to identify vulnerabilities in a given network.
6. Learning Objectives and Outcomes
1. Explore common network scanning and analysis tools.
2. Perform network reconnaissance and probing on the machines in the Virtual Security Cloud Lab (VSCL).
3. Use Zenmap to perform an Intense scan on an entire subnetwork (172.30.0/24).
4. Create a Fisheye Bubble Chart to explain the relationships between devices on a network.
5. Explain how attackers use common network scanning and analysis tools to compromise networks.
8. Wireshark
Wireshark is a protocol analyzer tool, also known as a “packet sniffer.” It is used to aid other programs in capturing Internet Protocol (IP) traffic.
A packet is the unit of data that travels from one place to another on the Internet.
9. Capturing Traffic Packets on a Network
• A data analyst will use Wireshark to ping a network and subsequently capture traffic packets using Internet Control Message Protocol (ICMP).
• In this screen capture, I was able to show data traffic using a Virtual Student Cloud Environment on network 172.30.0.10.
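The ICMP echo traffic captured in this slide is also what a reconnaissance ping sweep looks like on the wire, so the same kind of capture is where a defender can detect one. The script below is an added example, not part of the original presentation and not Wireshark code: it reads Wireshark/tshark-style one-line packet summaries and flags any source that sends echo requests to many distinct hosts within a short window. The sample lines are constructed, and the summary format, the 10-second window and the eight-host threshold are assumptions.

```python
import re
from collections import defaultdict


def build_sample_packets():
    """Constructed tshark/Wireshark-style summaries (not a real capture):
    "<seconds> <src> -> <dst> ICMP Echo (ping) request|reply"."""
    lines = []
    # 172.30.0.10 sends one echo request to each of 12 neighbours, 50 ms apart (a sweep)
    for i in range(1, 13):
        t = 0.05 * i
        lines.append(f"{t:.3f} 172.30.0.10 -> 172.30.0.{100 + i} ICMP Echo (ping) request")
        lines.append(f"{t + 0.001:.3f} 172.30.0.{100 + i} -> 172.30.0.10 ICMP Echo (ping) reply")
    # 172.30.0.20 pings the same gateway three times (monitoring, not a sweep)
    for k in range(3):
        lines.append(f"{5.0 + k:.3f} 172.30.0.20 -> 172.30.0.1 ICMP Echo (ping) request")
    # 172.30.0.30 reaches three hosts, but spread over 100 s (too slow for the window)
    for k in range(3):
        lines.append(f"{50.0 * k:.3f} 172.30.0.30 -> 172.30.0.{200 + k} ICMP Echo (ping) request")
    return lines


SAMPLE_PACKETS = build_sample_packets()

# Only echo *requests* count; replies are the targets answering, not the scanner.
ECHO_REQUEST = re.compile(
    r"^(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+ICMP Echo \(ping\) request$"
)


def _ip_key(ip):
    """Sort dotted-quad addresses numerically rather than lexically."""
    return tuple(int(octet) for octet in ip.split("."))


def detect_ping_sweeps(lines, window_s=10.0, min_hosts=8):
    """Return {source: [distinct hosts]} for every source that sends echo requests to
    at least min_hosts distinct destinations within some window_s-second span."""
    by_src = defaultdict(list)
    for line in lines:
        m = ECHO_REQUEST.match(line)
        if m:
            by_src[m["src"]].append((float(m["t"]), m["dst"]))

    alerts = {}
    for src, events in by_src.items():
        events.sort()  # summaries need not arrive in time order
        widest = set()
        # Slide a window starting at each request and keep the largest distinct-host set.
        for i, (t0, _) in enumerate(events):
            seen = set()
            for t, dst in events[i:]:
                if t - t0 > window_s:
                    break
                seen.add(dst)
            if len(seen) > len(widest):
                widest = seen
        if len(widest) >= min_hosts:
            alerts[src] = sorted(widest, key=_ip_key)
    return alerts


if __name__ == "__main__":
    for src, hosts in detect_ping_sweeps(SAMPLE_PACKETS).items():
        print(f"possible ping sweep from {src}: {len(hosts)} hosts in window, first {hosts[:3]}")
```

The window and threshold are the tuning knobs: a monitoring host that pings one gateway repeatedly never accumulates distinct destinations, and a slow sweep that spaces its probes beyond the window is the known blind spot of this rule, which is why the threshold should be paired with a longer-horizon count in production.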
10. NetWitness Investigator
NetWitness Investigator is an application that allows you to view, analyze, and compare packets captured by Wireshark and other similar traffic monitoring programs. It can recognize and order IP addresses, Web addresses, E-mail addresses, User accounts, and actions such as logins, sendtos, sendfroms, attachments etc.
11. OpenVAS
OpenVAS is a program that performs remote scans and audits of systems such as UNIX hosts and network infrastructures. It can also perform network discovery of operating systems, databases, devices, applications, and services running on these systems. It is furnished with a Greenbone Security Assistant program guide for ease of use.
12. FileZilla
FileZilla is an application that is used to transfer files using File Transfer
Protocol (FTP) on remote workstations.
13. Tftpd64
Tftpd64 is another application that is used to transfer files using File Transfer
Protocol (FTP) on remote workstations.
14. PuTTY
PuTTY is another type of file transfer application, terminal emulator, and serial console. PuTTY uses the Secure Shell (SSH) protocol to access remote computers in a secure fashion. The Linux command terminal shell window is launched upon connection. The following images depict command-line access on the Linux and Cisco terminals and a PuTTY configuration window.
15. Zenmap
Zenmap is a program that scans networks and performs a targeted IP subnetwork Intense Scan which identifies what hosts are available on the network, including services such as applications (name and version), operating systems (name and version) and what security features are in place, including packet filters and firewalls.
The image features a Zenmap ping scan.
A host is a system that contains data. It is also defined as a computer or electronic device that has, sends, or receives information over the Internet.
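Zenmap is the graphical front end for Nmap, and its Intense scan profile runs `nmap -T4 -A -v`; the results can be saved as Nmap XML, which is the form a defender wants for comparing what the scan found against what is supposed to be exposed. The script below is an added example, not part of the presentation and not Nmap code: the XML document is a constructed stand-in for a scan of the lab subnet (hosts, MAC address, ports, products and versions are made up), the per-host baseline is an assumption, and the cleartext-service list names the file-transfer and management protocols the FileZilla, Tftpd64 and PuTTY slides describe.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML (-oX) output; every host, port, product and version is made up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 172.30.0.0/24" version="7.80">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="172.30.0.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
    <os><osmatch name="Linux 3.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="172.30.0.20" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd"/></port>
      <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/>
        <service name="telnet"/></port>
      <port protocol="udp" portid="69"><state state="open|filtered" reason="no-response"/>
        <service name="tftp"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="172.30.0.30" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumed allowlist: which proto/port pairs each lab host is expected to expose.
BASELINE = {
    "172.30.0.10": {"tcp/22", "tcp/80"},
    "172.30.0.20": {"tcp/22"},
}

# Services that carry credentials and file contents unencrypted (FTP, Telnet, TFTP).
CLEARTEXT_SERVICES = {"ftp", "telnet", "tftp"}


def parse_nmap_xml(xml_text):
    """Return one record per live host: IPv4 address, best OS guess, open services."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that never answered carry no service data
        ipv4 = host.find("address[@addrtype='ipv4']")
        if ipv4 is None:
            continue
        osmatch = host.find("os/osmatch")
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            # "open|filtered" is Nmap's answer for silent UDP ports; treat it as exposed
            # until proven otherwise, which is the conservative choice for an inventory.
            if state is None or not state.get("state", "").startswith("open"):
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            services.append({"proto": port.get("protocol"), "port": int(port.get("portid")),
                             "name": name, "product": product})
        hosts.append({"ip": ipv4.get("addr"),
                      "os": osmatch.get("name") if osmatch is not None else "unknown",
                      "services": services})
    return hosts


def find_unexpected_exposures(hosts, baseline):
    """Compare the scan with the allowlist; return (ip, proto/port, service, reasons)."""
    findings = []
    for h in hosts:
        allowed = baseline.get(h["ip"], set())
        for s in h["services"]:
            key = f"{s['proto']}/{s['port']}"
            reasons = []
            if key not in allowed:
                reasons.append("not in baseline")
            if s["name"] in CLEARTEXT_SERVICES:
                reasons.append("cleartext protocol")
            if reasons:
                findings.append((h["ip"], key, s["name"], ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for ip, key, name, why in find_unexpected_exposures(parse_nmap_xml(SAMPLE_NMAP_XML), BASELINE):
        print(f"{ip} {key:<8} {name:<7} {why}")
```

Run against a real `-oX` file, the same two functions turn a one-off scan into a drift check: anything open that is not in the baseline, or anything speaking a cleartext protocol, is a finding to close or to add to the baseline deliberately.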
16. Fisheye Bubble Topology Chart of IP Hosts on Network 172.30.0.10
• A bubble chart is a type of graph used to show relationships, by size, of different variables across an XY axis.
• A fisheye lens is a tool that can be used to change the shape and orientation of the graph.
• A fisheye bubble chart combines the two features.
This topology identifies the hosts on network 172.30.0.10 and the level of activity from each host in relation to one another. Activity includes several variables across the XY axis, i.e. Web addresses, E-mail addresses, User Accounts, and actions such as logins, sendtos, sendfroms, attachments etc. Network 172.30.0.10 has the greatest threats, followed by the networks with yellow circles, followed by the ones with green circles.
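The artifact categories the NetWitness Investigator slide lists (IP addresses, web addresses, e-mail addresses, user accounts and actions) are the variables this bubble chart sizes each host by. As an added example that is neither part of the presentation nor NetWitness code, the script below extracts those artifacts from constructed session payloads with regular expressions, aggregates distinct artifacts per source host, and assigns the red/yellow/green tiers the chart uses. The session lines, the regular expressions and the tier thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed session payload excerpts, keyed by the source host that produced them
# (made-up data standing in for what a capture-analysis tool shows per session).
SAMPLE_SESSIONS = [
    ("172.30.0.10", "POST /login HTTP/1.1 user=jsmith Host: intranet.example.com"),
    ("172.30.0.10", "MAIL FROM:<jsmith@example.com> RCPT TO:<hr@example.com>"),
    ("172.30.0.10", "GET http://files.example.com/report.pdf HTTP/1.1"),
    ("172.30.0.10", "GET http://files.example.com/budget.xlsx HTTP/1.1"),
    ("172.30.0.20", "GET http://intranet.example.com/ HTTP/1.1"),
    ("172.30.0.20", "POST /login HTTP/1.1 user=mlee Host: intranet.example.com"),
    ("172.30.0.30", "ICMP echo request to 172.30.0.1"),
]

# One pattern per artifact kind. The "users" pattern has a capture group, so findall()
# returns the value after "user="; the others return the whole match.
PATTERNS = {
    "users": re.compile(r"\buser=([^\s&]+)"),
    "emails": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "urls": re.compile(r"https?://[^\s<>\"']+"),
    "ips": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def extract_artifacts(text):
    """Return {kind: set(values)} for every artifact kind found in one payload."""
    return {kind: set(rx.findall(text)) for kind, rx in PATTERNS.items()}


def host_activity(sessions, red_at=4, yellow_at=2):
    """Aggregate distinct artifacts per source host and assign a chart colour.
    Rows come back sorted by total activity, highest first."""
    per_host = defaultdict(lambda: defaultdict(set))
    for src, payload in sessions:
        for kind, values in extract_artifacts(payload).items():
            per_host[src][kind] |= values  # distinct values, so repeats do not inflate size

    rows = []
    for ip, kinds in per_host.items():
        counts = {kind: len(values) for kind, values in kinds.items()}
        total = sum(counts.values())
        tier = "red" if total >= red_at else "yellow" if total >= yellow_at else "green"
        rows.append({"ip": ip, "counts": counts, "total": total, "tier": tier})
    rows.sort(key=lambda r: (-r["total"], r["ip"]))
    return rows


if __name__ == "__main__":
    for row in host_activity(SAMPLE_SESSIONS):
        print(f"{row['ip']:<13} {row['tier']:<6} total={row['total']} {row['counts']}")
```

The `total` column is the bubble size and `tier` the colour; the thresholds are deliberately parameters, because what counts as "most active" depends on the segment being charted rather than on fixed numbers.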
17. Summary
There are many programs to use when scanning a network for vulnerabilities. I have identified several applications and programs including Wireshark, NetWitness Investigator, OpenVAS, FileZilla, Tftpd64, PuTTY and Zenmap. These programs are used interchangeably to handle different functions of the scanning process.
First, Wireshark is used to take a detailed picture or scan of a given network. Second, the files that Wireshark has gathered are then analyzed by programs such as NetWitness Investigator to identify vulnerabilities in more easily recognizable terms such as web addresses, email addresses, user accounts etc.
OpenVAS is a program that is able to scan networks from a remote location. Secondary programs such as FileZilla and Tftpd64 are able to transfer files collected by OpenVAS in a secure manner.
18. Summary continued…
PuTTY is another file transfer program that is able to work across the board in terms of different operating systems like Windows and various versions of Linux. PuTTY uses Linux command terminals and Cisco operating systems to fulfill its versatile capabilities in file transfers.
Last but not least is Zenmap, which is a program designed to scan networks, revealing specific program names and versions. Zenmap is even able to expose precise information about network firewalls!
The use of topology charts such as Fisheye charts is an easy way to present network findings in a meeting.
Identifying common network scanning tools and how to use them is a great start to protecting a network. If at any time a data analyst is able to find vulnerabilities before a cybercriminal or hacker does, then that is a day for a short celebration and a boost of energy for the next challenge.
19. THE END
Author Note
Juanita M. McConnell, Computer Network Systems, ITT Technical Institute.
Juanita McConnell is a student at ITT Technical Institute studying Computer
Networking, Computer Infrastructure and Computer Programming.
Correspondence concerning this PowerPoint should be addressed to
Juanita McConnell,
Computer Network Systems,
ITT Technical Institute, 105 South 7th St., Suite 100 Philadelphia, PA 19106
Contact: JMcConnell152@email.itt-tech.edu
Introduction to Information Systems Security (IT255P)
Performing Reconnaissance and Probing Using Common Tools
(2015)
The information used in this presentation was derived from Lab Assignment Reconnaissance
by ITT Technical Institute IT255P course curriculum.