
Sniffing

The document outlines a lab for SAT3812 Cyber Security I, focusing on CLI scanning and network sniffing using Kali Linux. It includes instructions for setting up virtual machines, performing various network scans with Nmap, using Wireshark for packet sniffing, and securing network authentication with SSH. The lab aims to teach students practical skills in network reconnaissance and the importance of securing sensitive information.

Uploaded by

Aung Khaing

SAT3812 – Lab 2

SAT 3812 Cyber Security I


Lab2: CLI Scanning and Network Sniffing
Time Estimation: 2 - 3 hours

Lab Environment: Kali VM and Kali 2 VM


Kali IP: 192.168.2.2
Kali2 IP: 192.168.2.3
Subnet mask: 255.255.255.0
Gateway: 192.168.2.1
DNS: 192.168.2.1
We will use these IP addresses as examples; please change them to your designated IPs and subnets.
Make sure your Kali and Kali2 VMs can ping each other.

Goal: This lab will introduce you to methods of network scanning and sniffing, which are often used for
reconnaissance before attacking/hacking a computer system/network. You will learn various tools that
network security professionals use to enumerate network resources.

Prior Knowledge: We will be using a lot of Linux commands starting from this lab. If you need a
refresher on Linux, please visit the Linux Primer in SAT3812 on Canvas.

Section 1: Kali & Kali Update


Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.
In March 2013, the Offensive Security team created a fork of BackTrack named Kali Linux that
synchronizes with Debian’s repositories daily, constantly providing you with the latest package updates
and security fixes available. Kali is one of the most popular penetration testing platforms.

Q1.1.1: Approximately how many cybersecurity tools are included with Kali?

We need to update Kali now. On the Kali VM, run the following commands:
apt-get update

apt-get install vsftpd


vsftpd is an FTP server that we will use later.

Do the same thing on Kali2 and Kali3 for future operations.

Linux tricks on Command Prompt:


1) Use the up and down arrow key on your keyboard to find historical commands you typed in
previously.


2) Use the “Tab” key on your keyboard to auto-complete a command or a filename. For example, say you
want to type in “ls /etc/network/interfaces”: you can just type in “ls /etc/network/int” and hit the Tab
key, and Kali will auto-complete the rest for you.

3) (This trick can be confused with trick 2. Skip it if you don’t like to use it.)
Use the right arrow key “->” to complete a history command. For example, after step 2, when you
type “ls ”, the command prompt will show “ls /etc/network/int” with the latter part in gray. You
can use the arrow key to complete the command, or “Backspace” to go back a few characters.

Section 2: Scanning from the Command-Line Interface (CLI)

Scanning from the command line can be a very powerful tool for network security professionals.
A command-line interface is more consistent and less prone to change than an application's GUI:
although new commands may be introduced, the original commands remain the same. Building on this
idea, the command line can also give the security professional a broader set of options when
conducting scans, by allowing them to use options that may not be built into the GUI version of the
same program. This may allow them to conduct the scan more quickly or, more importantly, with
greater stealth.

2.1. CLI Scanning with Nmap:


https://nmap.org/

In this section you will use Nmap from the command line (not the GUI) for additional flexibility
and so that you become more efficient in testing your network. Nmap is a powerful penetration
testing and security auditing utility.

Open Kali and Kali2 VM.


On Kali machine, you can run Nmap via CLI to do many types of scans.

Warning: For security reasons, you can NOT Nmap Internet hosts from the VMs. However, you
can Nmap any internal VM hosts (within 192.168.2.x).

Try to scan a host


nmap -O 192.168.2.3
What is the “-O” option in nmap? Search online but no need to submit the answer.

If the command needs root privileges, you can run
su
or
sudo xxxxx (the actual Linux command)

You can also use nmap to scan a subnet


nmap -sS 192.168.2.0/24
What is the “-sS” option in nmap? Search online but no need to submit the answer.

Please create a TCP SYN stealth scan that fingerprints the OS for your IP range (192.168.2.0/24).

Q2.1.1: What command did you use to accomplish this task?

Q2.1.2: Explain how a TCP SYN stealth scan works.

Create a FIN scan on your range of IP addresses that you have been provided for this course.

Q2.1.3: What command did you use to accomplish this task?

Q2.1.4: Explain how a FIN scan works.

Create an XMAS scan on your own IP range 192.168.2.0/24.

Q2.1.5: What command did you use to accomplish this task?

Q2.1.6: Explain the significance of an XMAS scan and how it works.

Create a PING scan on the entire 192.168.2.0/24 network. Save the output (as normal output) in a file
called network_ping_scan.txt

Q2.1.7: What command did you use to accomplish this task?

Section 3: Wireshark for Packet Sniffing


http://www.wireshark.org/
Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your
network at a microscopic level. It is the de facto standard across many industries and educational
institutions.

3.1. Installing FTP server and client


Let’s first install vsftpd server on Kali and ftp client on Kali 2.

On Kali VM, run


apt-get install vsftpd
This will install vsftpd server on Kali.

To start the ftp server service, run


service vsftpd start

To verify whether an FTP server is running, run


netstat -nat
You should see port 21 open.

On Kali2 VM, run


apt-get install ftp
This will install ftp client on Kali 2.

3.2. Using Wireshark to Sniff FTP Connections:


On Kali VM, start the Wireshark application in capture mode.
Can you figure out how to start Wireshark in Kali?
(Hint: Wireshark is a Sniffing & Spoofing tool.)

In Wireshark, select eth0 (double click) and start packet sniffing.

On Kali 2 VM, run ftp client to ftp into Kali,


ftp 192.168.2.2
You can use the account below for FTP:
username: sat3812
password: P@ssw0rd

Once you have logged in to FTP from Kali 2 to Kali, please stop the packet sniffing on Kali. Wireshark
live capture requires a lot of memory and may slow down your VM. You may see something like below:


In Wireshark, type “FTP” in the display filter to filter out other packets. See screenshot below.

Look through these FTP packets: one of them has your username and another has your password in
clear text. See screenshot below for username.


Screenshot 1: Capture a screenshot of an FTP packet containing the password in clear text.

This exercise shows you how dangerous it is to use unencrypted telnet, ftp, email, and web
authentication.
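What Wireshark displays here can also be checked programmatically. The following is an added example, not part of the original lab: it reassembles client-to-server payloads from an FTP control channel and reports USER and PASS commands seen in clear text, masking the password value in the report. The function name and the sample segments are constructed for illustration.

```python
import re

# FTP control-channel commands that carry credentials (RFC 959).
CRED_CMD = re.compile(rb"^(USER|PASS)\s+(.*)$", re.IGNORECASE)

def extract_ftp_credentials(segments):
    """Reassemble client-to-server TCP payloads and return credential findings.

    segments: bytes objects, in order, from the FTP control channel (TCP port 21).
    A command may be split across TCP segments, so buffer until a line ends.
    """
    buffer = b""
    findings = []
    for payload in segments:
        buffer += payload
        while b"\n" in buffer:
            line, buffer = buffer.split(b"\n", 1)
            match = CRED_CMD.match(line.rstrip(b"\r"))
            if not match:
                continue
            command = match.group(1).upper().decode()
            value = match.group(2).decode("utf-8", "replace")
            if command == "PASS":
                # Record that a password was exposed without re-logging it.
                value = "*" * len(value)
            findings.append((command, value))
    return findings

# Constructed sample: the lab's FTP login as it appears on the wire,
# with the PASS command split across two TCP segments.
SAMPLE_SEGMENTS = [
    b"USER sat3812\r\n",
    b"PASS P@ss",
    b"w0rd\r\n",
    b"SYST\r\n",
]

if __name__ == "__main__":
    for command, value in extract_ftp_credentials(SAMPLE_SEGMENTS):
        print(f"cleartext FTP {command}: {value}")
```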

Q3.2.1 How can you protect yourself from sniffers stealing username and passwords, along with
viewing the data translated within a given remote connection?

Section 4: Securing Network Authentication


From Section 3 we can see that network reconnaissance and eavesdropping attacks can be used to gain
access to sensitive information like user credentials. It is important to secure all communication of
sensitive information across both internal networks and external networks such as the Internet.

SSH is a network protocol that establishes an encrypted connection between two devices, allowing
network traffic to be passed securely.

On Kali, to install ssh server, you can run


apt-get install openssh-server
During the installation, it may pause and show you an important message; hit “q” to quit the message
and continue. It may also show a screen with additional installation/configuration options; just hit
“Enter” multiple times. It will complete the installation for you.

To start ssh service, you can run


systemctl start ssh.service

Now open Wireshark on Kali VM and begin a packet capture.

On Kali 2, ssh client is installed by default.


To login ssh from Kali 2 to Kali, run
ssh sat3812@192.168.2.2
Password is the default one.

Once you ssh from Kali 2 to Kali, stop your Wireshark capture on your Kali machine. Again, click on
the SSH packets and look through them.

Q4.1.1: From the Wireshark output, what version of ssh are you using?

Q4.1.2: Explain in a brief paragraph what you observed from your Wireshark output. Were you
able to view the username and password? Why or why not?

Screenshot 2: Capture a screenshot of a packet containing the results from ssh and submit it with
your lab. This should show the version of ssh that you are using.
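The version shown in the capture comes from the SSH identification string, which each side sends as plain text at the start of the connection in the format defined by RFC 4253, section 4.2. The following is an added example, not part of the original lab: it parses that string from the first bytes of a stream and classifies the advertised protocol version. The function names and the sample banner ("ExampleSSH_1.0") are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
# softwareversion is printable US-ASCII without whitespace or the minus sign.
IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")

def parse_ssh_identification(first_bytes):
    """Return (protoversion, softwareversion, comments) from the start of a
    TCP stream, or None if no valid identification string is present.

    A server may send other text lines before the identification string,
    so lines that do not start with "SSH-" are skipped.
    """
    for line in first_bytes.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        match = IDENT.match(line)
        if match is None or len(line) > 253:  # 255 bytes max including CR LF
            return None
        proto, software, comments = match.groups()
        return proto.decode(), software.decode(), (comments or b"").decode()
    return None

def protocol_assessment(protoversion):
    """Classify the advertised protocol version for an audit report."""
    if protoversion == "2.0":
        return "SSH-2 only"
    if protoversion == "1.99":
        return "SSH-2 with SSH-1 compatibility advertised"
    return "legacy or unknown protocol version"

# Constructed sample: an identification string followed by binary packet data.
SAMPLE_STREAM = b"SSH-2.0-ExampleSSH_1.0 lab-sample\r\n\x00\x00\x01\x2c"

if __name__ == "__main__":
    ident = parse_ssh_identification(SAMPLE_STREAM)
    print(ident, "->", protocol_assessment(ident[0]))
```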


General Questions

GQ.1. How long did it take you to complete this lab?

GQ.2. On a scale of 1-10 (with 1 being very simple and 10 being very challenging), how would you
rate this lab?

GQ.3. Did you watch the lab video? If yes, how did the lab video help you finish the lab (on a scale
of 1-10, with 1 being not helpful and 10 being very helpful)?

Lab Questions

Q1.1.1: Approximately how many cybersecurity tools are included with Kali?

Q2.1.1: What command did you use to accomplish this task?

Q2.1.2: Explain how a TCP SYN stealth scan works.

Q2.1.3: What command did you use to accomplish this task?

Q2.1.4: Explain how a FIN scan works.

Q2.1.5: What command did you use to accomplish this task?

Q2.1.6: Explain the significance of an XMAS scan and how it works.

Q2.1.7: What command did you use to accomplish this task?

Screenshot 1: Capture a screenshot of an FTP packet containing the password in clear text.

Q3.2.1 How can you protect yourself from sniffers stealing username and passwords, along with
viewing the data translated within a given remote connection?

Q4.1.1: From the Wireshark output, what version of ssh are you using?

Q4.1.2: Explain in a brief paragraph what you observed from your Wireshark output. Were you
able to view the username and password? Why or why not?

Screenshot 2: Capture a screenshot of a packet containing the results from ssh and submit it with
your lab. This should show the version of ssh that you are using.
