BOGOTA D. C.
Port Scanning Workshop
Check all the machines found on the network.
equipo03:/home/fus # nmap -sP 172.21.8.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 19:49 COT
Host 172.21.8.1 is up (0.0011s latency).
MAC Address: 00:25:45:6D:89:11 (Cisco Systems)
Host 172.21.8.4 is up (0.00023s latency).
MAC Address: 00:1C:C0:50:A8:71 (Intel Corporate)
Host 172.21.8.6 is up (0.00019s latency).
MAC Address: 00:1C:C0:51:25:18 (Intel Corporate)
Host 172.21.8.10 is up (0.00029s latency).
MAC Address: 00:1C:C0:50:C4:03 (Intel Corporate)
Host 172.21.8.17 is up (0.00020s latency).
MAC Address: 00:1C:C0:48:B7:25 (Intel Corporate)
Host 172.21.8.20 is up (0.00018s latency).
MAC Address: 00:21:85:16:58:39 (Micro-star Int'l Co.)
Host 172.21.8.23 is up (0.00022s latency).
MAC Address: 00:1C:C0:48:B7:3E (Intel Corporate)
Host 172.21.8.26 is up (0.00020s latency).
MAC Address: 00:1C:C0:48:9F:12 (Intel Corporate)
Host 172.21.8.29 is up (0.00041s latency).
MAC Address: 00:1C:23:FC:F3:5A (Dell)
Host 172.21.8.31 is up (0.00020s latency).
MAC Address: 00:1C:C0:48:B7:21 (Intel Corporate)
Host 172.21.8.32 is up (0.00019s latency).
MAC Address: 00:1C:C0:52:27:CA (Intel Corporate)
Host 172.21.8.33 is up (0.00020s latency).
MAC Address: 00:1C:C0:48:B9:CA (Intel Corporate)
Host 172.21.8.34 is up (0.00018s latency).
MAC Address: 00:1C:C0:50:C5:2C (Intel Corporate)
Host 172.21.8.35 is up (0.00020s latency).
MAC Address: 00:1C:C0:51:24:FA (Intel Corporate)
Host 172.21.8.36 is up (0.00018s latency).
MAC Address: 00:1C:C0:48:A1:F3 (Intel Corporate)
Host 172.21.8.37 is up (0.00018s latency).
MAC Address: 00:1C:C0:51:25:0D (Intel Corporate)
Host 172.21.8.38 is up (0.00016s latency).
MAC Address: 00:1C:C0:48:B9:C6 (Intel Corporate)
Host 172.21.8.39 is up (0.00016s latency).
MAC Address: 00:1C:C0:50:A8:67 (Intel Corporate)
Host 172.21.8.40 is up (0.00029s latency).
MAC Address: 00:1C:C0:48:B7:4E (Intel Corporate)
Host 172.21.8.41 is up (0.00019s latency).
MAC Address: 00:1C:C0:51:24:DF (Intel Corporate)
Host 172.21.8.42 is up (0.00017s latency).
MAC Address: 00:1C:C0:51:25:1C (Intel Corporate)
Host 172.21.8.43 is up.
Host 172.21.8.44 is up (0.00030s latency).
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Host 172.21.8.130 is up (0.00019s latency).
MAC Address: 00:1C:C0:50:36:3E (Intel Corporate)
Host 172.21.8.166 is up (0.00011s latency).
MAC Address: 00:1C:C0:50:A8:89 (Intel Corporate)
Host 172.21.8.169 is up (0.00010s latency).
MAC Address: 00:1C:C0:50:C5:1D (Intel Corporate)
Host 172.21.8.211 is up (0.00010s latency).
MAC Address: 00:1C:C0:48:B9:D8 (Intel Corporate)
Host 172.21.8.222 is up (0.00020s latency).
MAC Address: 00:1C:C0:50:C5:11 (Intel Corporate)
Host 172.21.8.249 is up (0.00020s latency).
MAC Address: 00:1C:C0:52:27:50 (Intel Corporate)
Host 172.21.8.251 is up (0.00017s latency).
MAC Address: 00:1C:C0:51:24:59 (Intel Corporate)
Host 172.21.8.253 is up (0.00017s latency).
MAC Address: 00:1C:C0:48:B9:D1 (Intel Corporate)
Nmap done: 256 IP addresses (31 hosts up) scanned in 2.30 seconds
OPEN TCP PORTS
OPEN UDP PORTS
IN THIS PART WE CAN SEE THAT THE COMMAND SENT WITH NMAP CHECKS THE TCP PORTS.
equipo03:/home/fus # nmap -n -sT 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 20:52 COT
Interesting ports on 172.21.8.44:
Not shown: 996 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
443/tcp open https
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.24 seconds
WE CAN SEE THE UDP PORTS FOR THIS MACHINE; IF THEY ARE NOT OPEN, NO REPORT IS GENERATED.
equipo03:/home/fus # nmap -sU 172.21.8.4/24
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 20:48 COT
equipo03:/home/fus # rcapapache2
If 'rcapapache2' is not a typo you can use command-not-found to lookup the package that contains it, like this:
cnf rcapapache2
equipo03:/home/fus # rcapapache2 restart
If 'rcapapache2' is not a typo you can use command-not-found to lookup the package that contains it, like this:
cnf rcapapache2
ALL THE SERVICES RUNNING ON THE ACTIVE MACHINES
equipo03:/home/fus # nmap -n -sV -vvv -p 100,1024 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 21:05 COT
NSE: Loaded 3 scripts for scanning.
Initiating ARP Ping Scan at 21:05
Scanning 172.21.8.44 [1 port]
Completed ARP Ping Scan at 21:05, 0.01s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 21:05
Scanning 172.21.8.44 [2 ports]
Completed SYN Stealth Scan at 21:05, 0.01s elapsed (2 total ports)
Initiating Service scan at 21:05
NSE: Script scanning 172.21.8.44.
NSE: Script Scanning completed.
Host 172.21.8.44 is up (0.00039s latency).
Scanned at 2011-07-27 21:05:50 COT for 0s
Interesting ports on 172.21.8.44:
PORT STATE SERVICE VERSION
100/tcp closed newacct
1024/tcp closed kdm
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
Raw packets sent: 3 (130B) | Rcvd: 3 (122B)
SCAN PORTS 1 THROUGH 500 AND STATE WHETHER ANY SERVICE IS ACTIVE.
equipo03:/home/fus # nmap -n -T4 -p 100-1024 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 21:03 COT
Interesting ports on 172.21.8.44:
Not shown: 923 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
443/tcp open https
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds
equipo03:/home/fus # nmap -n -T4 -p -vvv 100-1024 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 21:03 COT
Error #486: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!
SCAN PORTS 1000 THROUGH 1500 AND STATE WHETHER ANY SERVICE IS ACTIVE.
equipo03:/home/fus # nmap -n -sT -vvv -p 100,1024 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 20:58 COT
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 20:58
Scanning 172.21.8.44 [1 port]
Completed ARP Ping Scan at 20:58, 0.01s elapsed (1 total hosts)
Initiating Connect Scan at 20:58
Scanning 172.21.8.44 [2 ports]
Completed Connect Scan at 20:58, 0.00s elapsed (2 total ports)
Host 172.21.8.44 is up (0.00038s latency).
Scanned at 2011-07-27 20:58:14 COT for 0s
Interesting ports on 172.21.8.44:
PORT STATE SERVICE
100/tcp closed newacct
1024/tcp closed kdm
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
Raw packets sent: 1 (42B) | Rcvd: 1 (42B)
DETERMINE, IF POSSIBLE, THE OPERATING SYSTEMS OF THE SCANNED MACHINES.
equipo03:/home/fus # nmap -O -f 172.21.8.21
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 19:51 COT
Interesting ports on 172.21.8.21:
Not shown: 996 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown
MAC Address: 00:1C:C0:52:27:8F (Intel Corporate)
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP Professional SP2
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
HERE WE SEND THE COMMAND TO SEE THE OPERATING SYSTEM VERSION. ON THE PREVIOUS MACHINE WE CAN SEE THAT THE OPERATING SYSTEM IS WINDOWS, BUT IN THE CASE WE ARE ABOUT TO SEE WE MAY BE FACING A LINUX SYSTEM.
equipo03:/home/fus # nmap -n -O -vvv -p 1-100 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 21:08 COT
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 21:08
Scanning 172.21.8.44 [1 port]
Completed ARP Ping Scan at 21:08, 0.01s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 21:08
Scanning 172.21.8.44 [100 ports]
Discovered open port 80/tcp on 172.21.8.44
Discovered open port 25/tcp on 172.21.8.44
Completed SYN Stealth Scan at 21:08, 0.10s elapsed (100 total ports)
Initiating OS detection (try #1) against 172.21.8.44
Host 172.21.8.44 is up (0.0063s latency).
Scanned at 2011-07-27 21:08:37 COT for 1s
Interesting ports on 172.21.8.44:
Not shown: 98 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.28
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=7/27%OT=25%CT=1%CU=30661%PV=Y%DS=1%G=Y%M=000C29%TM=4E30C4A
OS:7%P=i686-pc-linux-gnu)SEQ(SP=CC%GCD=1%ISR=D1%TI=Z%CI=Z%II=I%TS=7)OPS(O1=
OS:M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW6%O5=M5B4ST11NW6
OS:%O6=M5B4ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y
OS:%DF=Y%T=40%W=16D0%O=M5B4NNSNW6%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD
OS:=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW6%RD=0%Q=
OS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=
OS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF
OS:=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=
OS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.969 days (since Tue Jul 26 21:52:43 2011)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros
Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.76 seconds
Raw packets sent: 120 (6040B) | Rcvd: 116 (5360B)
DETERMINE, IF POSSIBLE, THE VERSIONS OF THE SERVICES RUNNING ON THE MACHINES.
equipo03:/home/fus # nmap -n -sV -vvv -p 1,1024 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 21:06 COT
NSE: Loaded 3 scripts for scanning.
Initiating ARP Ping Scan at 21:06
Scanning 172.21.8.44 [1 port]
Completed ARP Ping Scan at 21:06, 0.01s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 21:06
Scanning 172.21.8.44 [2 ports]
Completed SYN Stealth Scan at 21:06, 0.01s elapsed (2 total ports)
Initiating Service scan at 21:06
NSE: Script scanning 172.21.8.44.
NSE: Script Scanning completed.
Host 172.21.8.44 is up (0.00040s latency).
Scanned at 2011-07-27 21:06:26 COT for 0s
Interesting ports on 172.21.8.44:
PORT STATE SERVICE VERSION
1/tcp closed tcpmux
1024/tcp closed kdm
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
Raw packets sent: 3 (130B) | Rcvd: 3 (122B)
equipo03:/home/fus # nmap -n -sV -vvv -p 1-100 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 21:07 COT
NSE: Loaded 3 scripts for scanning.
Initiating ARP Ping Scan at 21:07
Scanning 172.21.8.44 [1 port]
Completed ARP Ping Scan at 21:07, 0.01s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 21:07
Scanning 172.21.8.44 [100 ports]
Discovered open port 80/tcp on 172.21.8.44
Discovered open port 25/tcp on 172.21.8.44
Completed SYN Stealth Scan at 21:07, 0.01s elapsed (100 total ports)
Initiating Service scan at 21:07
Scanning 2 services on 172.21.8.44
Completed Service scan at 21:07, 6.01s elapsed (2 services on 1 host)
NSE: Script scanning 172.21.8.44.
NSE: Script Scanning completed.
Host 172.21.8.44 is up (0.00069s latency).
Scanned at 2011-07-27 21:07:20 COT for 6s
Interesting ports on 172.21.8.44:
Not shown: 98 closed ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.2.13 ((Linux/SUSE))
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Service Info: Host: equipo02.mired.com
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.22 seconds
Raw packets sent: 101 (4442B) | Rcvd: 101 (4050B)
PERFORM A -sX SCAN, TRACE IT WITH A SNIFFER, AND EXPLAIN WHAT HAPPENS.
In this part we send the -sX command, which we verify in Wireshark.
equipo03:/home/fus # nmap -n -sX -vvv -p 100,1024 172.21.8.44
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-27 20:59 COT
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 20:59
Scanning 172.21.8.44 [1 port]
Completed ARP Ping Scan at 20:59, 0.01s elapsed (1 total hosts)
Initiating XMAS Scan at 20:59
Scanning 172.21.8.44 [2 ports]
Completed XMAS Scan at 20:59, 0.01s elapsed (2 total ports)
Host 172.21.8.44 is up (0.00040s latency).
Scanned at 2011-07-27 20:59:47 COT for 0s
Interesting ports on 172.21.8.44:
PORT STATE SERVICE
100/tcp closed newacct
1024/tcp closed kdm
MAC Address: 00:0C:29:F5:D4:0B (VMware)
Read data files from: /usr/share/nmap
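What the sniffer shows for the -sX scan above, as an added example that is not part of the original lab report: an Xmas probe is a TCP segment with only FIN, PSH and URG set, a closed port answers with RST, and a port that stays silent is reported as open|filtered. The capture bytes, the scanner source port 40000 and the function names are constructed for illustration.

```python
import struct

# TCP flag bits as they appear in the low 6 bits of header bytes 12-13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & 0x3F

def classify(flags: int) -> str:
    """Name the segment type a sniffer would display for these flags."""
    if flags == FIN | PSH | URG:
        return "xmas-probe"
    if flags == 0:
        return "null-probe"
    if flags == FIN:
        return "fin-probe"
    if flags & RST:
        return "rst-reply"
    return "other"

def xmas_port_states(segments, scanner_port):
    """Map each probed port to the state an Xmas scan infers for it."""
    # RST in reply to a probe -> closed; no reply at all -> open|filtered.
    states = {}
    for raw in segments:
        sport, dport, flags = parse_tcp(raw)
        kind = classify(flags)
        if kind == "xmas-probe" and sport == scanner_port:
            states.setdefault(dport, "open|filtered")
        elif kind == "rst-reply" and dport == scanner_port:
            states[sport] = "closed"
    return states

def build(sport, dport, flags):
    """Constructed sample segment: 20-byte header, zero seq/ack/window."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 0, 0, 0)

# Constructed capture: probes to 80, 100 and 1024; only closed ports answer.
CAPTURE = [build(40000, 80, FIN | PSH | URG), build(40000, 100, FIN | PSH | URG),
           build(100, 40000, RST | ACK), build(40000, 1024, FIN | PSH | URG),
           build(1024, 40000, RST | ACK)]

print(xmas_port_states(CAPTURE, scanner_port=40000))
```

In Wireshark the same probes can be isolated with the display filter `tcp.flags == 0x029`.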
RESEARCH
- Which version of nmap can be run on the Windows operating system?
nmap 4.85 5.21 can be used for Windows 7 WinPcap
- Download the Windows version of nmap and run some of the lab
commands; compare the results.
- Do you believe port scanning is useful for information security?
It is an excellent tool, since when well managed it can prevent many future problems; likewise, we can keep network traffic under better control and give more precise reports about what we are evaluating as network administrators.