Analyzing a Port Scan (NETLAB)

Start your Kali32 Machine

Open the Kali32 virtual machine. Log in as root with the password toor

Finding the IP Address of Your Kali32 Machine

In a Terminal window, execute this command:
ifconfig
Make a note of your IP address. It should be 172.16.1.203

Start your Kali64 Machine

Open the Kali64 virtual machine. Log in as root with the password toor

Pinging the Kali32 Machine From the Kali64 Machine

In your Kali64 machine, in a Terminal window, execute this command:
ping 172.16.1.203
You should see lines saying "64 bytes from...", indicating that you do have a working network connection between the two machines.

Press Ctrl+C to stop the pinging.

Starting Wireshark Sniffing

On your Kali32 desktop, in the Terminal window, execute this command:
wireshark
Press Enter twice to close the warning messages.

In the lower left of the Wireshark window, under the Start button, click eth0 to highlight it.

Click the Start button.

Scanning from the Kali64 Machine

In your Kali64 machine, in a Terminal window, execute this command:
nmap 172.16.1.203
When the scan completes, you should see a list of open ports including "80/tcp".

Filtering the Capture Results

In the Wireshark window, in the Filter box, type this filter:
tcp.port==80
Press Enter.

The Info column should show this pattern of three packets, as shown below:

[SYN]
[SYN, ACK]
[RST, ACK]

This is an incomplete TCP three-way handshake, terminated prematurely by a RST.
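
The same pattern can be detected automatically. The following is an added example, not part of the original lab: it classifies each TCP conversation in a list of packet summaries and reports sources that aborted or were refused on several ports of one host. The packet list is constructed sample data, the scanner address 172.16.1.204 and the client 172.16.1.50 are assumed, and the function names and the min_ports threshold are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (src_ip, src_port, dst_ip, dst_port, tcp_flags), in capture order.
# 172.16.1.203 is the Kali32 target from the lab; the other addresses are assumed.
SAMPLE_PACKETS = [
    ("172.16.1.204", 51000, "172.16.1.203", 80, {"SYN"}),
    ("172.16.1.203", 80, "172.16.1.204", 51000, {"SYN", "ACK"}),
    ("172.16.1.204", 51000, "172.16.1.203", 80, {"RST", "ACK"}),
    ("172.16.1.204", 51001, "172.16.1.203", 23, {"SYN"}),
    ("172.16.1.203", 23, "172.16.1.204", 51001, {"RST", "ACK"}),  # closed port
    ("172.16.1.204", 51002, "172.16.1.203", 22, {"SYN"}),
    ("172.16.1.203", 22, "172.16.1.204", 51002, {"SYN", "ACK"}),
    ("172.16.1.204", 51002, "172.16.1.203", 22, {"RST", "ACK"}),
    # An ordinary client that completes the three-way handshake.
    ("172.16.1.50", 40000, "172.16.1.203", 80, {"SYN"}),
    ("172.16.1.203", 80, "172.16.1.50", 40000, {"SYN", "ACK"}),
    ("172.16.1.50", 40000, "172.16.1.203", 80, {"ACK"}),
]

def classify_conversations(packets):
    """Map (client, client_port, server, server_port) to a handshake state."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == {"SYN"}:
            state[fwd] = "syn_sent"
        elif state.get(rev) == "syn_sent":
            # First reply from the server: SYN/ACK means open, RST means closed.
            if flags == {"SYN", "ACK"}:
                state[rev] = "open_answered"
            elif "RST" in flags:
                state[rev] = "closed"
        elif state.get(fwd) == "open_answered":
            # Client's next packet: RST aborts the handshake, ACK completes it.
            state[fwd] = "aborted" if "RST" in flags else "established"
    return state

def find_scanners(packets, min_ports=2):
    """Return {(client, server): [ports]} for clients probing >= min_ports ports."""
    probed = defaultdict(set)
    for (client, _, server, port), st in classify_conversations(packets).items():
        if st in ("aborted", "closed"):
            probed[(client, server)].add(port)
    return {k: sorted(v) for k, v in probed.items() if len(v) >= min_ports}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_PACKETS))
```
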

Last Modified: 3:22 pm 9-12-13
Modified for NETLAB 6-16-16