
Assignment 11

  1. The NMAP Security Scanner is a network port scanner with a large number of features including multiple protocol scanning and OS fingerprinting.

    Crack is a tool for cracking passwords.

    Ettercap is a network sniffer.

    1. In the lab, scan the target machine and find all available services. For each of the services, try to determine what server version is running. Record your findings. WARNING: Do not scan any machines other than the target that we have provided. Doing so can get you into serious legal trouble!

    2. Try to determine the operating system run by our target machine using the fingerprinting system in nmap. Once you have done this, look through the nmap source code to find out how it performs the fingerprinting. Document your findings.

    3. Propose a way to prevent scanning and fingerprint detection. Is this type of "masking" always necessary or sensible?

  2. Each group uses 2 computers on the same network. Your group will be given a username and password on our demo machine that will work for all the services running on it. Use nmap as before to discover these services. You have all the clients you need on your machine to use these services. On one machine, you will log into the demo server. On the other machine, use Ettercap to sniff the traffic between the client and server. Try to extract data sent in clear text first. SSH will also be one of the services; try to extract data from the SSH stream as well. Use the OS fingerprinting in Ettercap and compare the results to those of nmap. Explain how both of them are able to do the same fingerprinting using different methods.