Question

computer networks help please !!!

could someone help with the following tasks!

ANY HELP WILL BE IMMENSELY APPRECIATED! THANKS.

Task 1 In the following scenario, we would like to find out more information about a host that is on out network. Given an IP address we would like to search for additional information, we can start with obtaining the IP address off the default route. When running on a Linux VM, this like most likely to be the internal IP of the VirtualBox or VMWare instance. If you are running on Macos. Linux or LinuxSubsystemForWindows, this may be the local router on your subnet. Take care when running on a network you do not manage. You may choose to do this on the Kali Linux machines in the Network Lab in TONS 3.08. Authentication details for Kali lab machines; Usemame: root Password: toor Log onto your Linux VM or Kali lab machine Use route to find the default gateway, an edited example. Note that the gateway has the "flag" G, you may use grep or similar tools to select only this line route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.17.1 0.0.0.0 UG C 0 eth0 0 eth0 192.168.17.0 0.0.0.0 255.255.255.0 C 0 .Use arp to fine the MAC address of the host arp -an ? (192.168.17.2) at 00:aa:ff:00 : f8:02 [ether1 on eth0 ? (192.168.17.1) at 00:aa:ff:83: 3d: 42 [ether1 on eth0 ? (192.168.17.8) at 00:aa:ff:b5:al:c0 [ether] on eth0 Q) Can you identify the routers IP address and its MAC address? See man pages for route, arp Search for terms, the flag -K allows you to search for specific terms in available man pages man -K keyword Task 2 Let us now consider what network services are offered on the above host. We can use the nmap command to scan the services offered. Below is an example of a home network router (edited). You can see familiar ports and services. Each available service is listed as open You man need to install nmap as the root user, note nmap needs to run as the root user, when logged into the shell as the root user you will note the shell prompt changes from $ to S sudo su #apt-get install nmapP nmap 192.168.17.1 Starting Nmap 7.40 htt ps://nmap.org) at 2019-06-13 08:04 ACST Nmap scan report for fritz.box 192.168.17.1) Host is up (0.00042s latency) Not shown: 996 closed ports STATE SERVICE РОВТ 53/tep 80/tcp domain орen http https орen 443/tcp open 5060/tcp open sip MAC Address 001aaiff: 83 :3d:42 ( AVM Audiovisuelles Marketing und Computersysteme GmbH) Nmap done: 1 IP address (1 host up) scanned in 28.92 seconds If you are unable to find any open ports on your home routerVM gateway or Kali lab machine default gateway, try scanning ports on the local host of your Linux VM. Here is an exampile #nmap 127.0.0.1 Starting Nmap 7.40 htt ps://nmap.org) at 2019-06-13 08:08 ACST Nmap scan report for localhost (127.0.0.1) Host is up (0.000021s latency) Not shown: 992 closed ports PORT STATE SERVICE 22/tep 25/tcp 80/tep 5000/tcp open 6666/tep open 6667/tep open 6668/tcp open 6669/tep open ssh орen орen smtp http open upnp ire ire irc ire Nmap done: 1 IP address (1 host up) scanned in 1.64 seconds Q) Can you identify each of the services running, including an example of the cient software that would use this service? See man pages for, nmap Task 3 Using tcpdump, display any packets that originate from the router In this example we use tcpdump to select only the first ten packets with -c, typically we need to select a source IP address. Here we also do not use the extra verbose flags as we want easier access to the port numbers. When using the flag -n we do not look up the port numbers or the IP address to convert to names. Check these flags in the man page. $tcpdump n-c 10-1eth0. Q) Can you display the first 100 packets originating from the router or default gateway, showing the numeric values for the IP and port numbers? Task 4 Put all above meta data collection programs into a single script, display the data with suitable labels and performs the following tasks Search and display the IP for the default router, you may use grep, sed and other tools to select only the IP address Search and display the MAC address for the host Search and display the open" ports of the host Search and display the source and destination port numbers from the output of tcpdump for the first 100 packets (If you your router or default gateway does not have open ports, choose another IP or localhost.) Uses reference, URLS, links, man pages from previous relevant workshops.

Answer 1

Task 1
*********

kalinew [Running]- Oracle VM Virtual Box File Machine View Input Devices Help 1 Terminal- Sat 04:43 Applications Places root@kali:- File Edit View Search Terminal Help root@kali:#route -n grep G Destination Gateway Genmask Flags Metric Ref Use Iface ethe 172.16.104.1 0.0.0.0 UG 100 G. kli:-#| mimt.txt secret.bit received secret. txt revtcp.bxt image.jpg wxHexEdito autorun.exe fest, pcapna inew-imane WIF Pumpkin Isof bt diocal extracted hashes.txt txt Right Ctri 2:13 PM ENG U: 1.2 K 15/06/2019

kalinew [Running] - Oracle VM VirtualBax File Machine View Input Devices Help 1 Terminal Applications Places Sat 04:45 root@kali: File Edit View Search Terminal Help root@kali:# route -n Kernel IP routing table ation Flags tric Ref Use ay 172.16.104. 1 0.0.0.9 100 172.16.104.0 root@kali:~# arp 172.16.104.1 Address 255.255.255.0 ethe 0.0.0.0 100 HWaddress f2:56:9c:17 : b7 :70 Flags Mask Iface HWtype ether C ethe gateway root@kali:-# secret t revtcp.txt Image.jpg WxHexEdita autorun.exe inew-imane est, peapna . WIF Pumpkin Isof bt diocal extracted hashes.txt txt Right Ctri Di 2.1 K 2:15 PM 4ENG J:910 15/06/2019

Task 2
*********

kalinew [Running]- Oracle VM Virtual Box File Machine View Input Devices Help 1 Terminal Applications Places Sat 04:49 root@kali:- File Edit View Search Terminal Help root@kali:#route -n Kernel IP routing table tric Ref ation lags Use ay 172.16.104. 1 0.0.0.9 uC 100 172.16.104. root@kali: ~# nmap 172.16.104.1 starting Nmap 7.70 (https://nmap.org at 2019-06-15 04:47 EDT Nmap scan report for 172.16.104.1 Host 255,255.255.0 ethe 0.0.0.0 100 s up (0.012s latency). 2.16.104.1 are filtered MAC Address: F2:56:9C:17 : B7 : 70 (Unknown ) Nmap done: 1 IP address (1 host up) scanned in 22.43 seconds root@kali:-# autorun.exe new-iman test, peapna pg WIF Pumpkin isof brt dioral extracted hashes.txt txt Right Ctrl 2:19 PM 56/2019E5 I: 1.3 K 4) ENG

kalinew [Running] - Oracle VM VirtualBax File Machine View Input Devices Help 1 Terminal- Applications Places Sat 04:50 root@kali: File Edit View Search Terminal Help All 1000 scanned ports on 172.16.104.1 are filte red MAC Address: F2:56:9C:17: B7 : 70 (Unknown ) Nmap done i IP address (1 host up) scanned in 22.43 seconds root@kali:-# nmap 127 .0.0.1 Starting Nmap 7.70 https : //nmap.org) at 2019-06- 15 04:49 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.000012s latency) Al 1000 scanned ports on localhost (127.0.0.1) are closed Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds root@kali:~# nmap 172.16.104.124 Starting Nmap 7.70 (https://nmap.org at 2019-06-15 04:49 EDT Nmap scan report for 172.16.104.124 Host is up (0.00068s latency). shown PORT 80/tcp 135/tcp 139/tcp 443/tcp open https ports STATE SERVICE http test, peapna оpen open ms rpc netbios-ssn open 45/tcp open microsoft-ds 186 2103/tcp open zephyr-clt 2105/tcp open eklogin 2107/tcp open msmq- mgmt 5666/tcp open nrpe 7070/tcp open MAC Address: B0:10:41: 18:7B:23 (Hon Hai Precision Ind.) digtal realserver Nmap done: IP address (1 host up) scanned in 4.87 seconds root@kali: ~# Right Ctri Di 24 K 2:20 PM ENG Ji 6.0К 15/06/2019

kalinew [Running]- Oracle VM Virtual Box File Machine View Input Devices Help 1 Terminal- Applications Places Sat 04:51 root@kali: File Edit View Search Terminal Help MAC Address: B0:10:41: 18:7B:23 (Hon Hai Precision Ind.) 4.87 seconds . IP addres Nmap nned in akali# nma - sV -0 172. 16.104.124 Starting Nmap 7.70 https : //nmap.org at 2019-06-15 04:50 EDT Nmap scan report for 172.16.104.124 Host is up (0.00097s latency) Not shown: 989 filtered ports PORT STATE SERVICE VERSIO tod 2.4.33 ((Win32) OpenSSL/1.0.20 PHP/5.6.36) co Microsoft Windows RPC 135/tcp open msrpo 139/tcp 443/tcp Microsoft Windows netbios - ssn Apache httpd 2.4.33 ((Win32) OpensSL/1.0.20 PHP/5.6.36) (workgroup: WORKGROUP ) netbios-ssn open ssl/http microsoft-ds open 445/tcp open 1801/tcp open msmq? dows RPC 2105/tcn onen 2107/tcp open 5666/tcp open 7070/tcp open 1 service un recognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi- bin/s Microsoft Windows RPC me Microsoft Windows RPC msrpc tcpwrapped ssl/realserver? CE-Brt445.TCR:V=7. 70 T= 7%D= 6 / 15%Time=5D04B16B % P = x86 64-pc-linux-gnu%r (SMB SF : ProgNeg, 73, "θ10Υθ0)xffSMB r| ογο)0)0 x88) x0 1@θγο)0γοθ) 0)0) 0θΥ0)0)0)ΘΥ SF : 00/x0610101χ0 1)01x11)x071θΥχ032) 01x0 1)θ1 0Q1 0γθγογθ)χ0 110)010ΛΘ1 0 Υxfcίxε SF:3x0110/\x94\x8dlW#\xd5\x01\xb6\xfe\x08\ *\0\x94\x8c\x1fv\xe@\xdb\xd 7\xc SF : 61001ΘR) 0K1 0610R)00γουγ0Ρ10θγΟM)ΘA)0D) ΘH) ΘΑ)0V) θ) 0 Λθ" ) ; MAC Address: B0:10:41:18:7B:23 (Hon Hai Precision Ind.)) warning: oSScan results may be unreliable because we could not find at least open and 1 closed port evice typ USSTNGMicrosoft Windows 7 | 2008 (89%) os CPE: cpe:/o : mic rosoft : windows 7 cpe:/o: mic rosoft : windows server 2008: : spl cpe:/o : mic rosoft : windows server 2008: r2 Right Ctri Di 1.9 K 2:21 PM 0 ) ENG ^ 15/06/2019

kalinew [Running] - Oracle VM VirtualBax File Machine View Input Devices Help 1 Terminal Applications Places Sat 04:51 root@kali: File Edit View Search Terminal Help PORTutfile STATE SERVICE 80/tcp VERSION http Apache httpd 2.4.33 ((Win32) OpenSSL/1.0.20 PHP/5.6.36) open open Microsoft windows netbios - ssn nethi 139/t 443/tcp open 445/tcp open microsoft -ds 1801/tcp open msmq? 2103/tcp open msrpc os-ssn ssl/http Apache httpd 2.4.33 ((Win32) OpenSsL/1.0.20 PHP/5.6.36) (workgroup: WORKGROUP) Microsoft Windows RPC Microsoft Windows RPC 2105/tcp open msrpc Microsoft Windows RPC 5666/tcp open tcpwrapped 7070/tcp open 1 service un recognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap . org/cgi- bin/s ubmit.cgi?new-service SF- Port445 - TCP : V=7 .70 % I=7%D=6/15%Time=5D04B16B%P=x86_64 - pc - linux- gnu%r (SMB ssl/realserver? SF: 0@X86\91ex@1\©\X11x97\@\x032\\x01\o\®@\@1eve\@\x@1\®1e\®\@\®\xfc\xe SF:3 X0110/\x94\x8dlW#\xd5\x01\xb6\xfe\x08\*\0\x94\x8c\x1fv\xe@\xdb\xd 7\xc SF : 6)001ΘR) 0K1 0610R)00γουγ0P1Θθγ0Μ)ΘΑ)0 D) ΘH) ΘΑ)0V) θ) 0 Λθ" ) ; MAC Address: B0:10:41:18:7B:23 (Hon Hai Precision Ind.) warning: oSScan results may be unreliable because we could not find at least Device ypTUESSTNG). Microsoft Windows 712008 (89 %) open and 1 closed port OS CPE: cpe:/o:microsoft : windows 7 cpe:/o:microsoft : windows server 2008:: spl cpe:/o:microsoft: windows server 2008: r2 Aggressive OS guesses: Microsoft Windows 7 (89%), Microsoft Windows Server 2008 SP1 or Windows Server 2008 R2 (88%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop Service Info: Host: MADHAV OS: Windows; CPE: cpe:/o:microsoft: windows TO peormed. Pleas in 6 T orrect results at https://nmap.org/submit/ IP address and Ser up) scann root@kali: ~# | Right Ctr Di 3.2 M 2:21 PM dENG U 2.5 K 15/06/2019

Task 3
*********

kalinew [Running]- Oracle VM Virtual Box File Machine View Input Devices Help 1 Terminal Applications Places Sat 05:13 root@kali:- File Edit View Search Terminal Help 8 packets dropped by kernel root@kali:-# tcpdump # -nn - t -c 100 i ethe epaump :ocol decode full si7 ** 1ink.tyne EN10MB (Ethernet) 262144 ht tht ing 1 IP 145.239.1.122.80 > 172.16.104.124.9445: Flags [.], ack 1346637151, win 29578, length 0 145.239.1. 122.80 Flags [.], ack 1, win 64999, length 2 IP 172.16.104.124.9445 3 IP 74.125.200.109.993 172.16.104.124.2520: Flags [], ack 3814050767, Win 62920, length 4 IP 74.125.200.109.993 172.16.104.124.2520: Flags [), ack 1, win 257, length 109.993: Flags T.J, ack 33 ack 3137215837, win 64353, length 168 5, 208.89.12.87 . 443 : Flags [P.], seq 168 : 214, ack 1, win 64353, length 46 IP 172.16.104.124.2500 8 IP 208.89.12.87.443 172.16.104.124.2500: Flags [.1, ack 168, win 9914, length 0 9 IP 208.89.12.87.443 172.16.104.124.2500: Flags [.], ack 214, win 9960, length 0 10 IP 208.89.12.87.443 172.16.104.124.2500: Flags [P.], seq 1:47, ack 214, win 9960, length 46 11 IP 172.16.104.124, 2500 208.89.12.87.443 : Flags [.], ack 47, win 64307, length 0 13 TP 172. 16.104. 124.2504 106.10.231.25.993: El 1. ack 1. win 268 1enath length 0 14 IP 208.89.12.87.443 172.16.104.124.2500: Flags [P. ] , seq 47:876, ack 214, win 9960, length 829 15 IP 172.16.104.124.2500 208.89.12.87.443: Flags [.1, ack 876, win 65228, length e 16 IP 106.10.231.25.993 172.16.104.124.2504: Flags [], ack 1, win 31, length 17 IP 151. 101.193.69.443 172.16. 104.124.2506: Flags .], ack 32487858 19 , win 29200, length IP 172.16. 104. 124 2506 51010 : gs , ack , Win 66, Length 20 IP 192.0.73.2.443 172 . 16.104.124.2507: Flags [.], ack 3262013348, win 29200, length 21 IP 104.16 . 27 . 34 . 443 > 172.16.104. 124.2509 : Flags [.], ack 24355643 14 , win 29200, length 22 IP 192.0.73.2.443 172.16.104.124.2507: Flags [.], ack 1, win 62, length 0 18 23 IP 74. 125.200.109.993 172. 16.104.124.2519: Flags [.], ack 205266864, Win 62920, length e IP 104.16.27.34.443 172.16.104..124.2509 Flags [.], ack 1, win 31, length IP 74.125.130.108.993 172.16.104.124.9543: Flags [.], ack 1602435539, win 62920, length 24 25 ir 74 125 20e0 199 903 gs ack 1552 E 19, length TP 172.16. 104. 124.2519 28 IP 172.16.104.124..9543 74.125.130.108.993: Flags [.], ack 1, win 256, length 0 E Right Ctri 2:43 PM U 2.1 K ENG 15/06/2019

kalinew [Running] - Oracle VM VirtualBax File Machine View Input Devices Help Terminal 1 Applications Places Sat 05:13 root@kali: - File Edit View Search Terminal Help 73tf IP 172.16.104.124.2252 54.213.74.162.443: Flags [.], ack 33, win 256, length 0 74 IP 40.90.189.152.443 > 172.16.104.124.9444: Flags 1, ack 28786767, win 8192, length 0 win 6975 lenath 6 IP 40.90.189, 152.443 > 172 . 16 . 104. 124.9444; Flag 77 IP 162.247.242.20.443 172.16. 104.124.2481: Flags [.], ack 708268114, win 4254, length e L1. ack 1 76 78 IP 172.16.104.124.2481 162.247.242.20.443: Flags [.], ack 1, win 63095, length e IP 145.239.1.122.80 172.16.104.124.9445: Flags [.1, ack 1, win 29578, length 0 80 IP 74.125.130.108.993 172.16.104.124.9546: Flags [.], ack 534083313, win 62920, length 0 79 81 To .1 124.9540 Flags . ack 1, win 262, length 0 . IP 172.16.104.124.9546 74.125.130. 108.993: Flags [.], ack 1, win 257, length 0 83 IP 198.252.206.25 . 443 > 172 . 16.104.124. 25 16: Flags [.], ack 483506069, win 29200, length e 84 198.252.206.25.443: Flags [.], ack 1, win 257, length length 0 85 IP 172.16.104.124.2516 IP 198.252.206.25.443 172.16.104.124.2516: Flags [.], ack 1, win 60, 87 IP 74.125.200.109,993 172.16. 104.124.2523: Flags [.], ack 138382389, win 62920, length 0 86 IP 106.10.231.25.993 172.16.104.124 .2517 : Flags [.], ack 3163102177 , win 14600, length 0 90 IP 106.10 . 231.25.993 > 172.16.104.124.2517: : Flags [ . ], ack 1, win 31, length IP 74.125.200.109.993> 172.16.104.124.2525: Flags [.], ack 2434113737, win 62920, length e 91 IP 74.125.200.109.993 172.16.104.124.2525: Flags [.], ack 1, win 262, length 0 92 74.125.200.109.993: Flags [.], ack 1, win 255, length 0 93 IP 172.16.104.124.2523 TR 172 16 104 124 9445 IP 145.239.1.122.80 172 . 16. 104.124.9445 Flags [.], ack 1, win 29578, length 145 239 122 80 E1 length 1: HTTP 96 208.89.12.87 . 443 : Flags [P.], seq 427 : 594, ack 1750, win 64354, length 167 208.89.12.87.443: Flags [P.], seq 594:640, ack 1750, win 64354, length 46 97 IP 172.16.104.124.2500 98 IP 172.16.104.124.2500 IP 208.89.12.87.443 172.16.104.124.2500: Flags [.1, ack 594, win 10340, length e 99 IP 208.89.12.87.443> 172.16.104. 124.2500: Flaqs [.], ack 640, win 10386, length 100 100 packets captured Pac eceived b nel Iropped by er root@kali:-# Right Ctri 2:43 PM U 1.4 K ) ENG 15/06/2019

Task 4
********

script.sh
***********

ip route show default | awk '/default/ {print $3}'
ifconfig -a | grep ether | awk '{print $2}'
netstat -l

tcpdump -# -nn -t -c 100 -i eth0 > dump.pcap

kalinew [Running] - Oracle VM VirtualBax File Machine View Input Devices Help Terminal 1 Applications Places Sat 05:38 root@kali:- File Edit View Search Terminal Help root@kali:#bash script.sh root@kali:# bash script.sh e8:00:27:5f:cd:0a Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address udp Foreign Address State 0 0.0.0.0: bootpc 0 0.0.0.0: 0 :ipv6-icmp raw6 0 Active UNIX domain sockets (only servers) RefCnt I-Node Path unix unix unix ACC 1 [ ACC 1 / run/lvm/lvmpolld . socket /run/user/0/keyring/cont rol STREAM LISTENING 10247 STREAM LISTENING 19483 ACC 1 @/tmp/.ICE-unix/1066 @/tmp/.X11- unix/Xe @/tmp/.X11- unix/X1 STREAM LISTENING 20031 unix [ACC LISTENING 15424 STREAM unix T ACC STREAM LISTENING 19621 ACC 1 /t mp/ . ICE - unix/732 @/tmp/. ICE- unix/732 /run/uuidd/ request /var/run/dbus/system STREAM LISTENING 15978 unix [ACC ACC IACC 1 STREAM LISTENING 15977 STREAM LISTENING 12381 unix unix LISTENING 12385 bus socket STREAM [ACC ] /var/run/pcscd/pcscd . comm /run/udev/control STREAM LISTENING 12389 unix CKET ENTNC [ ACC [ ACC 1 @/tmp/dbus- ghJTJTOy run/systemd/fsck.progress /run/user/0/systemd/private @/tmp/dbus- HybmuJ bn /run/user/0/gnupg/S.gpg-agent run/use r/0/gnupg/S . di rmngr /run/user/0/gnupg/S.gpg-agent.browser STREAM LISTENING 19503 STREAM LISTENING 10399 IACC STREAM LISTENING 19365 ACC [ACC STREAM LISTENING 19502 unix 2 STREAM LISTENING 19372 unix [ACC 1 2 STREAM LISTENING 19375 unix STREAM ACC 19379 ACC 1 2 STREAM LISTENING 19381 / run/use r/0/gnupg/S . gpg - agent . ext ra unix Right Ctri 3:08 PM ) ENG U: 1.1 K 15/06/2019

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)