TryHackMe | Nmap Live Host Discovery WriteUp

 

Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan.

Link: https://tryhackme.com/room/nmap01


Send a packet with the following:

  • From computer1
  • To computer1 (to indicate it is broadcast)
  • Packet Type: “ARP Request”
  • Data: computer6 (because we are asking for computer6 MAC address using ARP Request)

How many devices can see the ARP Request?

4

Did computer6 receive the ARP Request? (Y/N)

N

Send a packet with the following:

  • From computer4
  • To computer4 (to indicate it is broadcast)
  • Packet Type: “ARP Request”
  • Data: computer6 (because we are asking for computer6 MAC address using ARP Request)

How many devices can see the ARP Request?

4

Did computer6 reply to the ARP Request? (Y/N)

Y

What is the first IP address Nmap would scan if you provided 10.10.12.13/29 as your target?

10.10.12.8

How many IP addresses will Nmap scan if you provide the following range 10.10.0-255.101-125?

6400

Send a packet with the following:

  • From computer1
  • To computer3
  • Packet Type: “Ping Request”

What is the type of packet that computer1 sent before the ping?

ARP Request

What is the type of packet that computer1 received before being able to send the ping?

ARP Response

How many computers responded to the ping request?

1

Send a packet with the following:

  • From computer2
  • To computer5
  • Packet Type: “Ping Request”

What is the name of the first device that responded to the first ARP Request?

router

What is the name of the first device that responded to the second ARP Request?

computer5

Send another Ping Request. Did it require new ARP Requests? (Y/N)

N

We will be sending broadcast ARP Request packets with the following options:

  • From computer1
  • To computer1 (to indicate it is broadcast)
  • Packet Type: “ARP Request”
  • Data: try all the possible eight devices (other than computer1) in the network: computer2, computer3, computer4, computer5, computer6, switch1, switch2, and router.

How many devices are you able to discover using ARP requests?

3

What is the option required to tell Nmap to use ICMP Timestamp to discover live hosts?

-PP

What is the option required to tell Nmap to use ICMP Address Mask to discover live hosts?

-PM

What is the option required to tell Nmap to use ICMP Echo to discover live hosts?

-PE

Which TCP ping scan does not require a privileged account?

TCP SYN Ping

Which TCP ping scan requires a privileged account?

TCP ACK Ping

What option do you need to add to Nmap to run a TCP SYN ping scan on the telnet port?

-PS23

We want Nmap to issue a reverse DNS lookup for all the possible hosts on a subnet, hoping to get some insights from the names. What option should we add?

-R


That’s it! See you in the next room :)

