Tải bản đầy đủ
To export die packets sent from die File menu, select File־^Export־^All Packets.

To export die packets sent from die File menu, select File־^Export־^All Packets.

Tải bản đầy đủ

Module 03 - Scanning Networks

‫ר״‬
Colas

‫ י‬L?

File

Edit

Send

Import...

1*


Export

10

Help

Exit
+^ T Packet:

X
glete

0 1
‫ ׳‬a
All Packets...
^

ketN o . |_ jJ I

Selected Packets...

Num: 00(

EJ-@ E th e r n e t Type I I

] 0 /1 4 [

^ D e s t i n a t i o n A d d re ss:

‫ן‬

FF: FF:1

S o u rce A d d re ss:

0 0 :0 0 :(

,

FIGURE 17.13: Export All Packets potion
Q Option, Packets Sent
This shows the number of
packets sent successfully.
Colasoft Packet Builder
displays the packets sent
unsuccessfully, too, if there
is a packet not sent out.

Save As

x I

5avein‫ ! " ! ־‬: o l a e c - f t
flfc l

Nome

D«tc modified

Type

No items match your search.
Rcccnt plocca


Desktop

< 3
Libraries
lA ff
Computer

Network

r n ______

...

r >1

F1Un»m*

| Fjiekct• e«cpld

vj

Sav•

S»v• •c typ♦

(Colafloft Packot Rio (v6) (*.oocpkt)

v|

C«rc«l

|

FIGURE 17.14: Select a location to save the exported file

U

Packets.cscpkt

FIGURE 17.15: Colasoft Packet Builder exporting packet

Lab A nalysis
Analyze and document die results related to the lab exercise.
T ool/U tility

Inform ation C ollected/O bjectives Achieved
A dapter Used: Realtek PCIe Family Controller

Colasoft Packet
Builder

Selected Packet N am e: ARP Packets
Result: Captured packets are saved in packets.cscpkt

C E H L ab M an u al P ag e 256

E th ica l H a c k in g an d C o u n term easu res Copyright O by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Module 03 - Scanning Networks

PLEASE TALK TO

Y O U R I N S T R U C T O R IF YOU
R E L A T E D T O T H IS LAB.

HAVE

QUESTIONS

Q uestions
1. Analyze how Colasoft Packet Builder affects your network traffic while
analyzing your network.
2. Evaluate what types of instant messages Capsa monitors.
3. Determine whether die packet buffer affects performance. If yes, dien what
steps do you take to avoid or reduce its effect on software?
Internet C onnection Required
□ Yes

0 No

Platform Supported

0 Classroom

C E H L ab M an u al P ag e 257

0 iLabs

E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Module 03 - Scanning Networks

Lab

Scanning Devices in a Network
Using The Dude
I CON KEY
5 Valuable
information

The Dnde automatically scans all devices within specified subnets, draws and lays out
a wap ofyour networks, monitors services ofyour devices, and a/eftsyon in case
some service hasp roblems.

Test your
knowledge

Lab S cenario

Web exercise

111 the previous lab you learned how packets can be captured using Colasoft
Packet Builder. Attackers too can sniff can capture and analyze packets from a
network and obtain specific network information. The attacker can disrupt
communication between hosts and clients by modifying system configurations,
or through the physical destruction of the network.

Workbook review

As an expert eth ic a l h ack er, you should be able to gadier information 011
organ ization s n etw ork to c h e c k for vu ln erab ilities and fix th em b efo re an
a tta ck er g e t s to co m p ro m ise th e m a c h in e s using th o s e vu ln erab ilities. If

you detect any attack that has been performed 011 a network, immediately
implement preventative measures to stop any additional unauthorized access.
111 this lab you will learn to use The Dude tool to scan the devices in a network
and the tool will alert you if any attack has been performed 011 the network.

Lab O bjectives
The objective of diis lab is to demonstrate how to scan all devices widiin specified
subnets, draw and layout a map o f your networks, and monitor services 011 die
network.
V

J Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv 8
Module 03
Scanning
Netw orks
C E H L ab M an u al P ag e 258

Lab Environm ent
To carry out the lab, you need:
■ The Dude is located at D:\CEH-T00 ls\CEHv 8 Module 03 S can nin g
N etw ork s\N etw ork D iscovery and Mapping T ools\T h e Dude

■ You can also download the latest version o f The Dude from the
http: / / www.1nikiodk.com / thedude.php

E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Module 03 - Scanning Networks

■ If you decide to download the latest version, then s c r e e n s h o ts shown
in the lab might differ
■ A computer running Windows Server 2012
■ Double-click die The Dude and follow wizard-driven installation steps to
install The Dude
■ Administrative privileges to run tools

Lab D uration
Time: 10 Minutes

O verview o f T h e Dude
The Dude network monitor is a new application that can dramatically improve die
way you manage your network environment It will automatically scan all devices
within specified subnets, draw and layout a map of your networks, monitor services
o f your devices, and alert you in case some service lias problems.

Lab Tasks
1. Launch the Start menu by hovering the mouse cursor on the lower-left
corner of the desktop.

i | Windows Server2012
Ser*r 2012 M « a 1e Candklate DitaceM*
______________________________________________________________________________________ Ev^mbonoopy BuildWX:

FIGURE 18.1: Windows Server 2012- Desktop view

E

ta sk

1

Launch The Dude

111 the Start m enu, to launch T he Dude, click T he Dude icon.
Administrator ^

Start
Server
Maiwgcr

Computer

iL

U

~
v

-—J

‫יי‬

M m n itr.
T
command
Prompt

1 n» 0u0f

*

f>

e

%

0—l»p

C E H L ab M an u al P ag e 259

E th ica l H a c k in g an d C o u n term easu res Copyright O by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Module 03 - Scanning Networks

FIGURE 182: Windows Server 2012 - Start menu

3. The main window o f The Dude will appear.
fS mm
(§)

Setting*

Local Server

71S E 1

□ A3<*T3S USS
A Admn#

H


E
- B

I-

O*

Ssttnst

j

Dkovo 70011*

‫־‬

W

‫• ־‬.

.*.‫־‬

vJ

irk*

Lay*

0 ‫»ו »י‬
D*wic«»

?5?

M

X

!

Hdo

CJ

Contert*

H
H

’- l ° l
‫י‬
jjyi2m c*‫ ״‬m .TffB

a d m in @ lo c a lh o s t - T h e D u d e 4 .0 b e ta 3

9

5references

Flea
FLnctona
H tfa y Action*
Lntu
Lc0*
£ 7 A^icn
£ 7 Cecus
£ 7 & ‫׳‬ent
£ 7 Syslog
Notic?
Keftroric Maps
B Lccd
1 U n ir t i

5

-A

[.Ca 1MU«d

Ctert. a 9‫ מ‬bu« /t x 384 M

S * ‫׳ ״*־‬x 2 1 5 b c *.'U M 2 b c «

FIGURE 18.3: Main window of The Dude

4. Click the D iscover button on the toolbar of die main window.
--------------------------



■■
a d m i r t @ l o c a l h o s t - T h e D u d e 4 .0 b e t a 3

®

‫ ־‬reference*

9

Local Seiver
a

Ca-'teri*

c ‫׳‬

* b

r h tZ

3

.

‫״‬

E

®

x

IIIIJHb

*
- 1 + ‫״‬

1

o

*

Sett re#

D ko v * ‫| ־‬

*T oo•

‫•־‬.

•v

1*«

|lrk*

_d 2

Q Addra# list*
A ‫׳‬vawro
□ 0 ‫יו *ו‬
f‫“־‬l Om icM
f * . Ftes
n F_nccon8

B
n


‫י‬

H a a y Action*
1^‫“*י‬
Leo*
£ ? Acttcn

£7 Defcus
£7 Event
R
- Q

M

| !Connected

£ 7 Sjobg
Mb No tie?
fcw ortc Ma08

B

Lccdl

'‫׳‬

Cie‫ ׳‬t. 1x

$59bus / t x 334bp*

:«<* a215bo*<'u642bc«

FIGURE 18.4: Select discover button

5. The D ev ice D iscovery window appears.

C E H L ab M an u al P ag e 260

E th ica l H a c k in g an d C o u n term easu res Copyright O by E C ‫־‬Counc11
All Rights Reserved. Reproduction is Strictly Prohibited

Module 03 - Scanning Networks

Device Discovery
General

Services

Device Types

Advanced

Discover

Enter subnet number you want to scan for devices

Cancel

Scan Networks: 110.0.0.0/24

!-

Agent: |P£g?
P Add Networks To Auto Scan
Black List: |i
Device Name Preference: |DNS. SNMP. NETBIOS. IP
Discovery Mode:

(•

fast (scan by ping)

Recursive Hops: ‫פ ר ־ י ו‬

/ ‫י‬
2

F

reliable (scan each service)

C

I I I I I

I I I

4

20

6

8

10

14

50

Layout Map /tfter Discovery Complete

FIGURE 18.6: Device discovery ^‫־‬uxicra‫־‬

6. 111 the Device Discovery window, specify S ca n N etw ork s range, select
d efau lt from die A gent drop-down list, select DNS, SNMP, NETBIOS,
and IP from die D ev ice N am e P referen ce drop-down list, and click
D iscover.
Device Discovery
General

Services

Device Types

Advanced
number you want to scan for

Scan Networks: (10.0.0.0/24
Agent: 5 S S H B I
r

Add Networks To Auto Scan
Black List: [none

Device Name Preference
Discovery Mode

DNS. SNMP. NETBIOS. IP
(•

fast (scan by ping)

3

reliable (scan each service)

C

0
Recursive Hops: [1

]▼] / —r
2

I-

‫ —ו —ר‬1— ‫ו —ו‬--------------------------------------------------------------4

6

8

10

14

20

SO

Layout Map /tfter Discovery Complete

FIGURE 18.7: Selecting device name preference

7. Once the scan is complete, all the devices connected to a particular
network will be displayed.

C E H L ab M an u al P ag e 261

E th ica l H a c k in g an d C o u n term easu res Copyright C by E C ‫־‬Counc11
All Rights Reserved. Reproduction is Strictly Prohibited

Module 03 - Scanning Networks

‫־‬f t ^t

adrmn@localhost The Dude 4.0beta3
11d Locd

Sanhfla! _
Ccrtemt_______________
f~ l *ric teo Lata
Adnns 4 .

•fat

ll B S
+

- _

^

e:

Chats

Oevteaa□

‫*׳‬- *Pie
»Q Fu1dion

| S W

| ^Tooia

tt 1a

s

‫י‬-

|l‫־‬ks

^

209m: [10

.•

WW*IXY858KH04P

WN-D39MR5 HL9E4

AOMN

I

r

*

MflfeMtttLUUKAl

ptVem
asy*B

\

‫י‬

WIN

N.

‫י‬

?U't'.lO'.-tfS \

‫ ב ר ז‬-‫ו א ^נ‬

□ tob>10«m
dn ‫*ס״״^־ז‬M
ap*
‫ק‬

| | Dhcovef

ecu 19N fn«r: 63 %vM: 27%disk 75%

»Aeten07*40
H1-‫׳*י״‬

□ ‫י‬-00*
127A*en
L f Uofcoa

*

Qy

B«*<2□

‫ק‬

_e [o

Q Local
Metwortc*

Q NotActfont

H□ PjTriS
Q adrrin 127.0,0.1
QPxtee
5 > Sennco

QTcde
YHhH.K0H)ftR3fi?M

r i'r -r ^ r

Q m - ‫׳‬x 3 2 5 ■‫׳‬oc« ‫ ׳‬w I95bpj

Saver r | ( ( 4(>> * 3 9 t ® c «

FIGURE 18.8: Overview of network connection

8. Select a device and place die m ouse cursor o n it to display the detailed
inform ation about diat device.

CartvM

♦• ‫ ״‬%

~*1Zoom.[TO

j o ^ StfttKujo Dwovw

Ad<*«3a Lota 5

*AAdm
r

R Afl*rta
*Chat □

Q08V
1008

^ Plea
Q Functions

® *•* H atovV □

Lnk□ *
‫□ ־‬

Lcoa

J?Acton]

tftteO
T. JLYKSO-CiPW
rd
cvn
a
xn
p
u
cr‘,
IP• 100 0 9
M
ACCtt ■- 10
S*'42m (7V

U>.da3 rcOiM 1C2 coj fnemcry vrtuai memoiy. cfck

SjcrT!‫ז‬.‫*־״‬.vw.-’.‫׳‬-Y35am3ip

-fc*».=«e ntes« Famly G Wsdd 42 9eppng 7 M/M COUPATBU 6C0esacto01WipxnsrFix)

Virc0*5 I to ia i 6 & End

Ipwue 0028‫<־‬J771

C7 Detua
Ewr ?£
L7S«bg
®* Mb Mod

tetwo*M
aps,!
B
B local

•n Nnwwk

«No!llc
Q Parris
H • * ™ 127.00.1
□ P‫ »׳‬cN

Q>Samcas

)>*

l*»

I»_i**W
U«L'i»tX>:»

1‫ ג‬a t

(<»•

1‫» נ‬

iwttdai e UU liriMMOll-

n-n

■■11*••:‫ י‬.1rc»1c:r

H Tocte

1 2 :3

12:31

Iecu•
lam0«■a.'iaaeoip

12:40

1*•:

12: X

| mdiv0vnn-uiYKBocnP

C V t m 2 45 kbp* ‫'׳‬tx 197bp»



13: ta

. W * ‫־‬. n m ‫־‬, t «W -ll‫־‬r8!a.H0TP

n .1 3 4 ttp a /fc 3 3 k b c «

FIGURE 18.9: Detailed information of the device

9.

C E H L ab M an u al P ag e 262

N o w , click the d ow n arrow for die Local drop-dow n list to see
inform ation 011 H istory A ctio n s, T ools, F iles. Logs, and so 011.

E th ica l H a c k in g an d C o u n term easu res Copyright © by E C ‫־‬Counc11
All Rights Reserved. Reproduction is Strictly Prohibited