Tryhackme - Nmap Live Host Discovery


In this walkthrough, we will go through the Nmap Live Host Discovery room from Tryhackme. This room teaches us how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan. So, let’s get started without any delay.


Task 1 – Introduction


Question 1 – Some of these questions will require the use of a static site to answer the task questions, while others require the use of the AttackBox and the target VM.

Done


Task 2 – Subnetworks


Question 1 – How many devices can see the ARP Request?

4

Question 2 – Did computer6 receive the ARP Request? (Y/N)

N

Send a packet with the following:

  • From computer4
  • To computer4 (to indicate it is broadcast)
  • Packet Type: “ARP Request”
  • Data: computer6 (because we are asking for computer6's MAC address using an ARP Request)

Question 3 – How many devices can see the ARP Request?

4

Question 4 – Did computer6 reply to the ARP Request? (Y/N)

Y

Task 3 – Enumerating Targets

Question 1 – What is the first IP address Nmap would scan if you provided 10.10.12.13/29 as your target?

nmap -sL
10.10.12.8

Question 2 – How many IP addresses will Nmap scan if you provide the following range 10.10.0-255.101-125?

6400
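
How both answers in this task can be derived without sending a packet, as an added example that is not part of the original walkthrough or the room: a small Python expander for the two target notations used above (CIDR and per-octet ranges). The function names are hypothetical, and the octet syntax handled here (comma-separated values, dash ranges, open ends defaulting to 0 and 255) is an assumption modelled on Nmap's target specification.

```python
import ipaddress
from itertools import product


def _expand_octet(spec):
    """Expand one octet spec such as '101-125', '1,3,5' or '-' into a sorted list."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 0      # an open start means 0
            hi = int(hi) if hi else 255    # an open end means 255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_targets(spec):
    """Return the IPv4 addresses a target spec covers, in ascending order."""
    if "/" in spec:
        # CIDR: host bits are masked off, so the list starts at the network
        # address and includes the broadcast address as well.
        net = ipaddress.ip_network(spec, strict=False)
        return [str(ip) for ip in net]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {spec!r}")
    expanded = [_expand_octet(o) for o in octets]
    return [".".join(map(str, combo)) for combo in product(*expanded)]


def summarize(spec):
    """Return (first address, last address, count) for a target spec."""
    ips = expand_targets(spec)
    return ips[0], ips[-1], len(ips)


if __name__ == "__main__":
    # The two target specs from the questions above.
    for spec in ("10.10.12.13/29", "10.10.0-255.101-125"):
        first, last, count = summarize(spec)
        print(f"{spec}: first={first} last={last} count={count}")
```

The /29 mask keeps the top 29 bits, so 10.10.12.13 falls in the block 10.10.12.8 to 10.10.12.15; the octet range multiplies out to 256 × 25 addresses.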


Task 4 – Discovering Live Hosts


Question 1 – What is the type of packet that computer1 sent before the ping?

ARP Request

Question 2 – What is the type of packet that computer1 received before being able to send the ping?

ARP Response

Question 3 – How many computers responded to the ping request?

1


Send a packet with the following:


  • From computer2
  • To computer5
  • Packet Type: “Ping Request”

Question 4 – What is the name of the first device that responded to the first ARP Request?

router

Question 5 – What is the name of the first device that responded to the second ARP Request?

computer 2

Question 6 – Send another Ping Request. Did it require new ARP Requests? (Y/N)

N


Task 5 – Nmap Host Discovery Using ARP

Question 1 – How many devices are you able to discover using ARP requests?

3


Task 6 – Nmap Host Discovery Using ICMP

Question 1 – What is the option required to tell Nmap to use ICMP Timestamp to discover live hosts?

-PP

Question 2 – What is the option required to tell Nmap to use ICMP Address Mask to discover live hosts?

-PM

Question 3 – What is the option required to tell Nmap to use ICMP Echo to discover live hosts?

-PE

Task 7 – Nmap Host Discovery Using TCP and UDP

Question 1 – Which TCP ping scan does not require a privileged account?

TCP SYN ping

Question 2 – Which TCP ping scan requires a privileged account?

TCP ACK ping

Question 3 – What option do you need to add to Nmap to run a TCP SYN ping scan on the telnet port?

-PS23

Task 8 – Using Reverse-DNS Lookup

Question 1 – We want Nmap to issue a reverse DNS lookup for all the possible hosts on a subnet, hoping to get some insights from the names. What option should we add?

-R


Task 9 – Summary


So that was “Nmap Live Host Discovery” for you. In this room, we have covered one of the most popular scanning and enumeration tools – Nmap. We have learned how to use Nmap to discover live hosts using ARP scan, ICMP scan, TCP/UDP ping scan, and reverse DNS lookup. On that note, I will take my leave. Till then, “Happy hacking”.
