Official Student Lab Guide

               Lab 4 – Detecting Live Systems
























                          g.  UDP Scan: Using the UDP scan "-sU" an attacker can determine what ports are open to
                              UDP on a host. Nmap will send a 0-byte UDP packet to each port. If the host returns a
                              "port unreachable" message, that port is considered closed. This method can be time
                              consuming because most UNIX hosts limit the rate of ICMP errors. Fortunately, Nmap
                              detects this rate and slows itself down, so not to overflow the target with messages that
                              would have been ignored.
                              Note: this scan might take up to 10 min.
                                  i.  nmap -sU 192.168.#.# (try against Metasploitable or VulnWeb)









          Report piracy if the fingerprint in this box is of poor resolution!












                   11. You can always use -v for verbosity (nmap supports up to 3v: nmap -vvv IP address)















               P a g e  | 72                                    Certified Penetration Testing Engineer – v06.3.1.4
                                                                                   ©Mile2 – All Rights Reserved