TITLE: SCANNING USING NMAP AND WIRESHARK
PRAJWOL SUBEDI
Mentor: DIMPLE CHAUHAN
WARNING NOTICE
This presentation is intended for educational and research purposes only. The information contained herein is meant to demonstrate network scanning and analysis techniques using Nmap and Wireshark in a controlled and ethical manner.
Unauthorized scanning or packet capture of networks without explicit permission is illegal and may violate laws.
Ethical hacking and penetration testing should only be performed on systems you own or have written permission to test.
Any misuse of the tools or techniques discussed in this presentation is strictly prohibited, and the presenter takes no responsibility for any unauthorized or unethical use.
• Proceed with caution and ensure compliance with legal and ethical standards.
AGENDA
• Introduction about project
• Introduction about tools:
• Introduction about Wireshark
• Introduction about Nmap and NSE
• Project requirement and testing website/network
• Perform Wireshark IDS/Firewall evasion techniques (3 techniques)
• Perform NSE scanning for testing network/website (3 scripts)
• Conclusion
• Reference
• Thank You
INTRODUCTION OF PROJECT
This project explores network scanning and packet analysis using Nmap, Wireshark, and NSE, three essential tools in cybersecurity and network troubleshooting.
INTRODUCTION ABOUT TOOLS
• Wireshark (Network Protocol Analyzer)
• Nmap (Network Mapper)
• Nmap Scripting Engine (NSE)
WIRESHARK (NETWORK PROTOCOL ANALYZER)
A packet capture and analysis tool used for monitoring network traffic.
Helps troubleshoot network issues, analyse protocols, and detect suspicious activities.
Displays data in real-time, allowing deep packet inspection for cybersecurity investigations.
Example Usage:
• Capturing and analysing TCP/IP traffic.
• Detecting malicious packets and security threats.
• Inspecting firewall evasion techniques.
NMAP (NETWORK MAPPER)
A powerful network scanning tool used for reconnaissance and security audits.
Identifies live hosts, open ports, running services, and operating systems.
Supports different scanning techniques such as SYN scan, UDP scan, and firewall evasion.
Example Usage:
• nmap -sV <target> → Detect running services.
• nmap -A <target> → Perform an advanced scan.
• nmap -D RND:5 <target> → Evade IDS with decoys.
NMAP SCRIPTING ENGINE (NSE)
An extension of Nmap that automates tasks using Lua scripts.
Used for vulnerability detection, malware analysis, and brute-force attacks.
NSE scripts are categorized into discovery, intrusion detection, exploitation, and more.
Example Usage:
• nmap --script vuln <target> → Detect vulnerabilities.
• nmap --script firewall-bypass <target> → Test firewall security.
• nmap --script smb-os-discovery <target> → Gather Windows system details.
PROJECT REQUIREMENTS & TESTING ENVIRONMENT
Tools Required
Nmap – For network scanning and security auditing.
Wireshark – For packet capturing and network analysis.
Kali Linux – A penetration testing OS with built-in security tools.
Windows System – Target machine for testing.
Virtual Machine (VMware/VirtualBox) – To set up test environments safely.
TESTING WEBSITE & NETWORK SETUP
Test Network Setup
Windows Server IP: 192.168.4.** (Target Machine)
Kali Linux IP: 192.168.4.** (Attacker Machine)
Network Mode: NAT for controlled testing.
Testing Websites for Scanning
[Link] – A deliberately insecure web app for penetration testing.
[Link] – A publicly available vulnerable website.
1️⃣ PACKET FRAGMENTATION
Concept:
• The attacker splits a malicious payload into multiple small packets to avoid detection.
• IDS may fail to reassemble packets properly, missing the attack.
Command to Fragment Packets:
nmap -f <target-ip>
Wireshark Detection:
• Apply filter → [Link] == 1
• Look for unusually small fragmented packets.
Countermeasure:
• Enable packet reassembly in IDS.
• Set fragmentation threshold to block small packets.
2️⃣ IP ADDRESS DECOY
Concept:
• Attackers spoof multiple fake IPs in their scan to hide their real identity.
• IDS struggles to track the real attacker.
Command to Use Decoy IPs:
nmap -D RND:10 192.168.**.**
Wireshark Detection:
• Apply filter → [Link] == <IP>, narrowing down the IP and entering multiple IPs.
• Look for many IPs scanning the same target.
Countermeasure:
• Use firewall rules to detect & block decoy scanning.
• Implement rate limiting for repeated scan attempts.
3️⃣ SOURCE PORT MANIPULATION
Concept:
• IDS may allow traffic from common ports (e.g., HTTP 80, DNS 53).
• Attackers change their source port to blend in with normal traffic.
Command to Manipulate Source Port:
nmap -g 53 <target-ip>
Wireshark Detection:
• Apply filter → [Link] == 53
• Look for unusual connections from non-standard sources.
Countermeasure:
• Implement deep packet inspection (DPI).
• Block unexpected protocol behavior on critical ports.
SUMMARY & DEFENSE MEASURES
Packet Fragmentation → Reassemble packets in IDS.
IP Decoy → Monitor multiple IPs scanning the same host.
Source Port Manipulation → Inspect traffic patterns for anomalies.
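Added example (not from the original slides): a defender-side check that parses raw IPv4/TCP headers and flags the three patterns above. The function names, the source-count threshold and the documentation-range addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def ip_packet(src, dst, l4, mf=0, off=0):
    """Build a constructed IPv4 packet carrying TCP bytes (checksum left 0)."""
    frag = (mf << 13) | off  # MF flag plus fragment offset in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, frag, 64, 6, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split(".")))) + l4

def tcp_syn(sport, dport):
    """20-byte TCP header with only the SYN flag set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)

def analyze(packets, src_threshold=5):  # threshold is a hypothetical tuning value
    """Return a set of findings for the three evasion patterns."""
    findings, syn_sources = set(), defaultdict(set)
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        frag, proto = struct.unpack("!H", pkt[6:8])[0], pkt[9]
        mf, off = (frag >> 13) & 1, frag & 0x1FFF
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
        l4 = pkt[ihl:]
        # A TCP fragment shorter than a full 20-byte header has no benign use.
        if mf and proto == 6 and len(l4) < 20:
            findings.add(("tiny-fragment", src, dst))
        if off or proto != 6 or len(l4) < 14:
            continue  # TCP flags byte is not in this packet; reassembly needed
        sport = struct.unpack("!H", l4[:2])[0]
        if l4[13] & 0x12 == 0x02:  # SYN set, ACK clear
            syn_sources[dst].add(src)
            if sport == 53:  # DNS replies are not TCP SYNs
                findings.add(("syn-from-port-53", src, dst))
    for dst, srcs in syn_sources.items():
        if len(srcs) >= src_threshold:
            findings.add(("many-syn-sources", dst, len(srcs)))
    return findings

# Constructed sample traffic: one SYN split into 8-byte fragments, one SYN
# sourced from port 53, and six different sources probing a single host.
syn = tcp_syn(40000, 80)
SAMPLE = [ip_packet("198.51.100.7", "192.0.2.10", syn[0:8], mf=1, off=0),
          ip_packet("198.51.100.7", "192.0.2.10", syn[8:16], mf=1, off=1),
          ip_packet("198.51.100.7", "192.0.2.10", syn[16:20], mf=0, off=2),
          ip_packet("198.51.100.8", "192.0.2.10", tcp_syn(53, 445))]
SAMPLE += [ip_packet(f"203.0.113.{i}", "192.0.2.20", tcp_syn(41000 + i, 22))
           for i in range(1, 7)]

if __name__ == "__main__":
    for finding in sorted(analyze(SAMPLE), key=str):
        print(finding)
```

The first 8-byte fragment carries the ports but not the flags byte, which is why a filter that inspects fragments without reassembling them never sees the SYN.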
WHAT IS NSE?
• NSE scripts are categorized into different types:
• Discovery – Identify live hosts, open ports, etc.
• Vulnerability – Detect security flaws.
• Exploitation – Exploit detected vulnerabilities.
• Intrusive – Aggressive scans that may trigger IDS alerts.
1️⃣ Script: nmap --script http-headers <target-IP/website>
• Purpose: Retrieves and analyses HTTP headers from a target web server.
• Why Use It? Identifies key details about the web server like server type, security headers, and cookie settings.
2️⃣ Script: nmap --script=[Link] -p445 192.168.**.**
• Target Machine: Windows Server (VirtualBox)
• Purpose: Detects system information such as OS details, domain info, and shares.
3️⃣ Script: [Link] (Vulnerability Scanning)
Target Website: [Link]
Purpose: Identifies known vulnerabilities (CVEs) based on detected services.
Command: nmap --script [Link] -sV [Link]
CONCLUSION
In this project, we explored the powerful capabilities of Nmap and Wireshark for network scanning, vulnerability assessment, and intrusion detection evasion. The following key insights were observed:
Nmap effectively identified active hosts, open ports, and running services, helping to assess network security.
The Nmap Scripting Engine (NSE) proved useful in detecting vulnerabilities, gathering system information, and testing firewall evasion techniques.
Wireshark played a crucial role in analyzing captured network traffic, highlighting potential security risks and identifying packet manipulation tactics.
Techniques like Packet Fragmentation, IP Address Decoy, and Source Port Manipulation demonstrated how attackers attempt to bypass IDS and firewall defenses.
Key Takeaway:
• By combining Nmap for proactive scanning with Wireshark for deep packet analysis, cybersecurity professionals can effectively identify vulnerabilities, detect suspicious activities, and strengthen network security.
Thank You!
For your time and attention
Feel free to ask any questions
Looking forward to your feedback
Presented By: Prajwol Subedi