Lab 4
Monitoring TCP/IP Connections Using the CurrPorts Tool
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer.
Lab Scenario
In the previous lab you learned how to check for open ports using the Amap tool. As an ethical hacker and penetration tester, you must be able to block such attacks by using appropriate firewalls or by disabling unnecessary services running on the computer.
You already know that the Internet uses a software protocol named TCP/IP to format and transfer data. An attacker can monitor ongoing TCP connections and can obtain all the information in the IP and TCP headers and in the packet payloads, with which he or she can hijack the connection. As the attacker has all the information on the network, he or she can create false packets in the TCP connection.
As a network administrator, your daily task is to check the TCP/IP connections of each server you manage. You have to monitor all TCP and UDP ports and list all the established IP addresses of the server using the CurrPorts tool.
Lab Objectives
The objective of this lab is to help students determine and list all the TCP/IP and UDP ports of a local computer.
In this lab, you need to:
■ Scan the system for currently opened TCP/IP and UDP ports
■ Gather information on the ports and processes that are opened
■ List all the IP addresses that currently have established connections
■ Close unwanted TCP connections and kill the process that opened the ports
Lab Environment
To perform the lab, you need:
■ CurrPorts located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Scanning Tools\CurrPorts
■ You can also download the latest version of CurrPorts from the link http://www.nirsoft.net/utils/cports.html
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows Server 2012
■ Double-click cports.exe to run this tool
■ Administrator privileges to run the CurrPorts tool
Lab Duration
Time: 10 Minutes
Overview Monitoring TCP/IP
Monitoring TCP/IP ports checks if there are multiple IP connections established. Scanning TCP/IP ports gets information on all the opened TCP and UDP ports and also displays all established IP addresses on the server.
Lab Tasks
The CurrPorts utility is a standalone executable and doesn't require any installation process or additional DLLs (Dynamic Link Library). Extract CurrPorts to the desired location and double-click cports.exe to launch.
1. Launch CurrPorts. It automatically displays the process name, ports, IP and remote addresses, and their states.
FIGURE 4.1: The CurrPorts main window with all processes, ports, and IP addresses
3. To view all the reports as an HTML page, click View -> HTML Reports - All Items.
FIGURE 4.2: The CurrPorts with HTML Report - All Items
4. The HTML Report automatically opens using the default browser.
FIGURE 4.3: The Web browser displaying CurrPorts Report - All Items
FIGURE 4.4: The Web browser to Save CurrPorts Report - All Items
FIGURE 4.5: CurrPorts with HTML Report - Selected Items
7. The selected report automatically opens using the default browser.
FIGURE 4.6: The Web browser displaying CurrPorts with HTML Report - Selected Items
8. To save the generated CurrPorts report from the web browser, click File -> Save Page As... (Ctrl+S).
FIGURE 4.7: The Web browser to Save CurrPorts with HTML Report - Selected Items
FIGURE 4.8: CurrPorts to view properties for a selected port
11. Click OK to close the Properties window.
FIGURE 4.9: The CurrPorts Properties window for the selected port
12. To close a TCP connection you think is suspicious, select the process and click File -> Close Selected TCP Connections (or Ctrl+T).
FIGURE 4.10: The CurrPorts Close Selected TCP Connections option window
FIGURE 4.11: The CurrPorts Kill Processes of Selected Ports Option Window
FIGURE 4.12: The CurrPorts Exit option window
Document all the IP addresses, open ports and their running applications, and protocols discovered during the lab.
Questions
1. Analyze the results from CurrPorts by creating a filter string that displays only packets with remote TCP port 80 and UDP port 53 and running it.
2. Analyze and evaluate the output results by creating a filter that displays only the opened ports in the Firefox browser.
3. Determine the use of each of the following options that are available under the options menu of CurrPorts:
a. Display Established
b. Mark Ports Of Unidentified Applications
c. Display Items Without Remote Address
d. Display Items With Unknown State
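
The inventory this lab builds in the CurrPorts GUI can also be scripted for servers where only command-line access is available. The following is an added example, not part of the original lab and not CurrPorts code: it parses output in the layout of the Windows `netstat -ano` command and applies the same kinds of views (established peers, entries without a remote address, a remote TCP port 80 and UDP port 53 filter). The sample text, addresses, PIDs, and function names are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample in the layout of Windows `netstat -ano` (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       708
  TCP    10.0.0.5:49712         192.0.2.10:80          ESTABLISHED     3120
  TCP    10.0.0.5:49713         203.0.113.7:443        ESTABLISHED     3120
  TCP    10.0.0.5:49720         198.51.100.9:80        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    1480
"""

def split_endpoint(text):
    # Split on the last colon so bracketed IPv6 ("[::]:445") and "*:*" both work.
    ip, _, port = text.rpartition(":")
    return ip, (int(port) if port.isdigit() else None)

def parse_netstat(output):
    conns = []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        # UDP rows have no State column; the PID is always the last field.
        state = fields[3] if len(fields) == 5 else ""
        l_ip, l_port = split_endpoint(fields[1])
        r_ip, r_port = split_endpoint(fields[2])
        conns.append(Conn(fields[0], l_ip, l_port, r_ip, r_port, state, int(fields[-1])))
    return conns

def has_remote(conn):  # listeners show port 0, UDP shows "*:*": no peer
    return bool(conn.remote_port)

def by_port(conns, proto, port, side):  # side: "local" or "remote"
    return [c for c in conns if c.proto == proto and getattr(c, side + "_port") == port]

def established_peers(conns):
    return sorted({c.remote_ip for c in conns if c.state == "ESTABLISHED" and has_remote(c)})

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for c in by_port(rows, "TCP", 80, "remote") + by_port(rows, "UDP", 53, "local"):
        print(c.proto, c.local_port, c.remote_ip, c.remote_port, c.state or "-", c.pid)
    print("established peers:", established_peers(rows))
```

Because `netstat` reports no remote endpoint for UDP sockets, the UDP port 53 match here is made on the local port. On a live server, pass the captured output of `netstat -ano` to `parse_netstat` in place of `SAMPLE`.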













