HOW TO PERFORM NETWORK DISCOVERY ON DMZ USING WINDOWS OPERATING SYSTEM AND KALI LINUX PLATFORM:

Network discovery is the process through which computers and network devices able to find each other. It enables network devices over a local network to connect and communicate with other devices. In penetration testing, this progress also known as scanning. It is a method in which the penetration tester use a various of tools to try and find available device connected the network that he manage to tap into or connected. After device is scan and identified, the penetration tester will move to the next step which is information gathering on the target selected or aimed.


In this post I am going to introduce a few tools in both windows and kali linux operating system to perform scanning over the militarized zone which I have setup earlier (if you missed the setup progress, feel free to check out my previous post)


On Windows Operating System Platform:


Tools used:


  1. Solarwinds port scanner

  2. LanSweepers

Solarwind port scanner


Open your web browser (in my case it is google chrome), search for solarwind port scanner, click on the highlighted result


Click on DOWNLOAD FREE TOOLS


Fill in all the necessary information, then click PROCEED TO FREE DOWNLOAD


Click DOWNLOAD NOW to begin download


After download is complete, right click on the compress download file and click extract all to extract it with any unzip tools


Click Extract


Go to the directory where you extract the file, right click on portscanner application and click Run as administrator to begin installation.


Tick I accept the terms of the license agreement and click ACCEPT



Key in the IP address range of the network connected by the target or hostname of the target if you know the hostname of the target’s PC, port range is required as well, then click SCAN on the bottom to begin scanning


Select active host in the drop-down menu as highlighted in the picture shown above


On your right you can see the hostname of the device scanned, as well as its open port


Port number, protocol and status are listed as well


Above are the active host with its respective hostname and open port based on my setup from previous post (feel free to check that out if you missed that)


LAN sweeper:

Open your web browser, search for LAN sweeper, click on the second result as shown in the picture.


Enter email address then click Download Lansweeper to start download lansweeper.


Wait for the download to be complete


Go to the email account which you have key in earlier at the lansweeper download page, you will noticed an email regarding unlock your installation, click on Grab Your Key.


It will direct you to a new page, copy the key as listed


Right click on the downloaded LansweeperSetup application and click Run as administrator.


Click Next


Click I Agree


Tick easy install and click Next


Click next


Click Install


Click Finish


Launch the lansweeper


Tick I have a key and paste the product key which you have copied earlier.


Click Next


Key in the IP range based on your network interface then click Next


If you are unsure what kind of asset is under the network, just leave it as default and click next


Click next


Key in the credential (local account), or you can just key in .\Administrator for windows computer then click skip


Key in root for linux computer then click skip


Click next


Click skip

0

Scanning has started


Result can be seen on your right under Last seen asset tab


Hostname, domain name and IP address are listed in the result

On Kali Linux platform, we will use other tools to start perform scanning on the target.

Tools used in this post:

  1. Zenmap

  2. Sparta

  3. Arp-scan


Key in the target (network or the target connect to follow by / and the subnet mask) in this case the target is connected under the network 10.10.20.0 and the subnet mask is 24. Click on Scan to start scanning.


When the scanning is complete, on your left you can see a lot of host listed under the host tab, click on any of them to view details information about it on your right. Details such as IP address and open port, protocol name could be gathered via this scan.


Key in the target (network or the target connect to follow by / and the subnet mask) in this case the target is connected under the network 10.10.20.0 and the subnet mask is 24. Click Add to scope



arp-scan


to show live host in the subnet

5 views

Recent Posts

See All

Contact Us

Our Office :

OSI TECHNOLOGY SDN BHD

16-1 Jalan Opera D U2/D,

Taman TTDI Jaya,

40150 Shah Alam,

Selangor Darul Ehsan

Tel : 603 7846 3080

Fax : 603 7848 3180

Email : info_osi@osi.com.my

Training Centre & Exam Centre : 

OSI TECHNOLOGY SDN BHD

20-1 Jalan Opera G U2/G,

Taman TTDI Jaya,

40150 Shah Alam,

Selangor Darul Ehsan