Day 3: Learn Network Basics & Reconnaissance Tools

Intro to Networking & Recon with Nmap, WhatWeb, and Netdiscover

Network reconnaissance is a foundational skill for cybersecurity professionals, enabling them to gather critical information about systems, services, and potential vulnerabilities. Parrot OS, a Debian-based Linux distribution tailored for security research, provides a robust suite of tools for network analysis and reconnaissance. On Day 3 of this 7-day learning series, we delve into the essentials of networking and explore powerful reconnaissance tools available in Parrot OS. This article covers the basics of IP addresses, ports, and protocols; introduces fundamental networking tools such as ifconfig, ip, ping, traceroute, and netstat; and provides detailed guidance on using reconnaissance tools including Nmap, WhatWeb, theHarvester, dnsenum, Netdiscover, and Nikto. By mastering these concepts and tools, you will be equipped to perform effective network reconnaissance in a controlled, ethical environment.

Basics of IP, Ports, and Protocols

Understanding networking fundamentals is essential for conducting reconnaissance and analyzing systems. This section introduces the core concepts of IP addresses, ports, and protocols, which form the backbone of network communication.

IP Addresses

An Internet Protocol (IP) address is a unique identifier assigned to devices on a network, enabling communication. There are two primary versions:

  • IPv4: A 32-bit address (e.g., 192.168.1.1), represented as four decimal numbers separated by dots. It supports approximately 4.3 billion unique addresses.
  • IPv6: A 128-bit address (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334), designed to accommodate the growing number of devices.

IP addresses are divided into public (routable on the internet) and private (reserved for local networks and never routed on the public internet: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). A subnet mask (e.g., 255.255.255.0, written /24 in CIDR notation) separates the network portion of an address from the host portion, so 192.168.1.0/24 covers the hosts 192.168.1.1 through 192.168.1.254.

Ports

Ports are numerical identifiers (0–65535) that specify services or applications on a device. They allow multiple services to run on a single IP address. Common ports include:

  • 80: HTTP (web traffic).
  • 443: HTTPS (secure web traffic).
  • 22: SSH (secure remote access).
  • 445: SMB (file sharing).

Ports are categorized as well-known (0–1023, which on Linux only root can bind), registered (1024–49151), and dynamic/private (49152–65535, used for the client side of outbound connections).

Protocols

Protocols define the rules for data communication. Key protocols include:

  • TCP: Transmission Control Protocol, connection-oriented and reliable (three-way handshake, ordered delivery, retransmission). Used for web browsing, email, SSH, and most application protocols.
  • UDP: User Datagram Protocol, connectionless with no delivery guarantee; its lower overhead suits DNS, streaming, and VoIP. Because a UDP service is not obliged to answer, scanning UDP ports is slower and less conclusive than scanning TCP ports.
  • ICMP: Internet Control Message Protocol, used for diagnostics and error reporting (e.g., ping's Echo Request/Reply and the Time Exceeded messages traceroute relies on).
  • HTTP/HTTPS: Application-layer protocols for web communication, carried over TCP; HTTPS wraps HTTP in TLS.

Understanding these concepts is crucial for interpreting network scans and identifying services during reconnaissance.

Task: Research the port numbers for FTP and SMTP, and identify whether they use TCP or UDP.

Networking Tools

Parrot OS includes several command-line tools for analyzing and troubleshooting networks. These tools help you inspect your system’s network configuration and test connectivity.

ifconfig

The ifconfig command displays network interface details, such as IP addresses and MAC addresses. It belongs to the deprecated net-tools package and is not installed by default on some recent systems; prefer ip (below) where both are available.

  • Usage:
    ifconfig
    Lists all active interfaces (e.g., eth0, wlan0).
  • Example: To view details for a specific interface:
    ifconfig eth0
    Shows the IP address, netmask, and status of eth0.

ip

The ip command is a modern replacement for ifconfig, offering more features.

  • Usage:
    ip addr show
    Displays IP addresses and interface details.
  • Example: To check the status of a specific interface:
    ip link show eth0

ping

The ping command tests connectivity to a host by sending ICMP Echo Request packets and timing the replies. Many hosts and firewalls drop ICMP, so a lack of replies shows only that ping failed, not that the host is down.

  • Usage:
    ping google.com
    Sends packets and displays response times.
  • Example: Limit to 4 pings:
    ping -c 4 google.com

traceroute

The traceroute command traces the path packets take to a destination.

  • Usage:
    traceroute google.com
    Lists hops between your system and the target.
  • Example: Use TCP SYN probes (to port 80 by default) instead of the default UDP probes, which helps when UDP is filtered along the path; raw sockets require root:
    sudo traceroute -T google.com

netstat

The netstat command displays network connections, routing tables, and interface statistics. Like ifconfig it comes from the deprecated net-tools package; the iproute2 replacement, ss, accepts the same -t, -u, -l, -n, -a, and -p flags and is present on every modern Linux system.

  • Usage:
    netstat -tuln
    Shows listening (-l) TCP (-t) and UDP (-u) sockets with numeric addresses and ports (-n), i.e. what your own machine exposes.
  • Example: View all active connections together with the owning process:
    sudo netstat -tunap
    -a includes established connections; -p shows the PID and program name, which requires root for sockets owned by other users.

Task: Use ifconfig or ip to find your system’s IP address, ping a public server (e.g., 8.8.8.8), and trace the route to it with traceroute.

Outcome: You can inspect and troubleshoot network configurations using basic tools.
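The listening-socket view above is most useful when it is checked against what you expect to be running. The following script is an added example (not code from the original article): it normalises netstat -tuln or ss -tuln output to "proto port bindaddr" and reports anything not on an allowlist, distinguishing loopback-only sockets from ones exposed on all interfaces. The netstat output and the allowlist are constructed for the demo; names like unexpected_listeners are this example's own.

```shell
#!/usr/bin/env sh
# Added example (not from the original article): turn the "what is listening?"
# view of netstat -tuln / ss -tuln into an audit against an allowlist.
# The sample output below is constructed for the demo; on a live system pipe
# the real command in instead (see the usage lines at the bottom).

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*'

# Normalise netstat -tuln (local address in column 4) or ss -tuln (column 5)
# lines to "proto port bindaddr". tcp6/udp6 fold into tcp/udp; the port is
# whatever follows the last ':' so IPv6 addresses are handled too.
listeners() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
      proto = $1; sub(/6$/, "", proto)
      col = ($2 ~ /^[0-9]+$/) ? 4 : 5
      n = split($col, a, ":")
      port = a[n]
      addr = substr($col, 1, length($col) - length(port) - 1)
      print proto, port, addr
  }' | sort -u
}

# Report listeners missing from the allowlist ("proto port" lines).
# Loopback-only sockets are tagged rather than flagged: they are reachable
# only from the host itself, which may or may not matter to the reviewer.
unexpected_listeners() {
  allow=$1
  listeners | while read -r proto port addr; do
    if printf '%s\n' "$allow" | grep -qx "$proto $port"; then
      continue
    fi
    case $addr in
      127.*|::1|\[::1\]) printf '%s %s %s (loopback)\n' "$proto" "$port" "$addr" ;;
      *)                 printf '%s %s %s EXPOSED\n' "$proto" "$port" "$addr" ;;
    esac
  done
}

# Allowlist for this host: SSH, HTTP and the DHCP client. Anything else is news.
ALLOW='tcp 22
tcp 80
udp 68'

# Demo on the constructed sample. On a live host run one of:
#   netstat -tuln | unexpected_listeners "$ALLOW"
#   ss -tuln      | unexpected_listeners "$ALLOW"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOW"
```

On the sample this flags VNC on 5900 bound to every interface and tags CUPS (631) and the stub resolver (53) as loopback-only. The allowlist is deliberately a plain "proto port" list so it can be kept in version control next to the host's build notes.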

Scanning with Nmap

Nmap (Network Mapper) is a powerful tool for network discovery and security auditing, pre-installed in Parrot OS. It scans networks to identify hosts, services, and vulnerabilities.

Basic Nmap Commands

  • Host Discovery (ping scan):
    nmap -sn 192.168.1.0/24
    Discovers live hosts without port scanning (-sP is the deprecated spelling of -sn). On the local subnet Nmap uses ARP requests; for remote targets it sends an ICMP echo, a TCP SYN to 443, a TCP ACK to 80, and an ICMP timestamp request, so hosts that drop ICMP are still found.
  • TCP SYN Scan:
    sudo nmap -sS 192.168.1.100
    Half-open scan: sends a SYN and never completes the handshake, so the connection does not show up in the target's application logs (a firewall or IDS still sees it). Needs raw sockets, hence sudo; without root Nmap falls back to a full-connect scan (-sT).
  • Service/Version Detection:
    sudo nmap -sV 192.168.1.100
    Sends protocol-specific probes to each open port to identify the service and its version.
  • OS Detection:
    sudo nmap -O 192.168.1.100
    Guesses the operating system from TCP/IP stack fingerprinting; most accurate when at least one open and one closed TCP port are reachable.
  • Aggressive Scan:
    sudo nmap -A 192.168.1.100
    Equivalent to -O -sV -sC --traceroute: OS detection, version detection, the default NSE scripts, and a traceroute. Noisy, but the most detail from a single run.

Practical Nmap Usage

  1. Discover Hosts: Run a ping scan to identify devices on your local network:
    nmap -sn 192.168.1.0/24
  2. Scan a Target: Perform a TCP SYN scan with version detection:
    sudo nmap -sS -sV 192.168.1.100
  3. Save Output: Export results for analysis (-oN normal text, -oG grepable, -oX XML, or -oA for all three at once):
    sudo nmap -sS -sV -oN scan_results.txt 192.168.1.100
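The three steps above chain naturally: the hosts found in step 1 are the targets for step 2, and grepable output (-oG) is the format built for that hand-off. The script below is an added example, not code from the article or from the Nmap project: it parses constructed -oG samples (modelled on the format) so it runs offline, and its run_recon function only invokes the real nmap, on a network you are authorised to scan, if the binary is installed. live_hosts, open_ports and run_recon are this example's own names.

```shell
#!/usr/bin/env sh
# Added example (not from the original article): the two-stage workflow above,
# host discovery feeding a service scan, with Nmap's grepable output (-oG)
# parsed so the stages chain without hand-copying addresses. The two sample
# outputs are constructed (modelled on the -oG format) so the parsers run
# offline; run_recon calls the real nmap and is only for networks you are
# authorised to scan.

# Stage 1 sample, laid out as `nmap -sn -oG - 192.168.1.0/24` does
# (fields are tab-separated; a Down line is included to exercise the filter).
SAMPLE_SN=$(printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\nHost: 192.168.1.100 ()\tStatus: Up\nHost: 192.168.1.200 ()\tStatus: Down\n')

# Stage 2 sample, laid out as `nmap -sS -sV -oG - 192.168.1.100` does.
# Each port entry is port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_SV=$(printf 'Host: 192.168.1.100 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, 80/open/tcp//http//Apache httpd 2.4.52 ((Ubuntu))/, 443/closed/tcp//https///, 3306/open/tcp//mysql//MySQL 8.0.32/\tIgnored State: filtered (996)\n')

# Live hosts from stage-1 output: the second whitespace-separated token of
# every "Host:" line whose status is Up.
live_hosts() {
  awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Open ports from stage-2 output as "ip port/proto service version".
# The version text may itself contain '/', so it is recovered by stripping
# the six fixed fields in front of it rather than by a plain split.
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if (substr($i, 1, 7) != "Ports: ") continue
        n = split(substr($i, 8), e, ", ")
        for (j = 1; j <= n; j++) {
          split(e[j], f, "/")
          if (f[2] != "open") continue
          v = e[j]
          for (k = 1; k <= 6; k++) sub("^[^/]*/", "", v)
          sub("/$", "", v)
          if (v == "") v = "-"
          printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], v
        }
      }
    }'
}

# Stage 1 then stage 2 for real: discover, then version-scan each live host,
# keeping a normal-format (-oN) report per host alongside the parsed summary.
# nmap's stdin is redirected so it cannot consume the host list being read.
run_recon() {
  net=$1
  command -v nmap >/dev/null 2>&1 || { echo "nmap not installed" >&2; return 1; }
  nmap -sn -oG - "$net" | live_hosts | while read -r host; do
    sudo nmap -sS -sV -oN "scan_$host.txt" -oG - "$host" </dev/null | open_ports
  done
}

# Offline demo on the constructed samples.
printf '%s\n' "$SAMPLE_SN" | live_hosts
printf '%s\n' "$SAMPLE_SV" | open_ports
# Real use: run_recon 192.168.1.0/24
```

The parsed "ip port/proto service version" lines are what you carry into the next phase (searching the version strings for known issues), which is why the closed 443 entry is dropped rather than reported.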

Task: Perform a ping scan on your local network, then run a service/version scan on a specific host (e.g., a test VM like Metasploitable).

Ethical Note: Only scan networks or devices you have explicit, written permission to test. Unauthorized scanning can be a criminal offence and, at minimum, violates the acceptable-use policy of almost every network.

Outcome: You can use Nmap to discover hosts and identify services, laying the groundwork for vulnerability assessments.

Web Reconnaissance with WhatWeb

WhatWeb is a web reconnaissance tool that identifies technologies, frameworks, and content management systems (CMS) used by websites.

Using WhatWeb

  • Basic Scan:
    whatweb example.com
    Identifies web technologies like Apache, WordPress, or PHP from response headers, cookies, and page content, using a single request per URL (aggression level 1, the default).
  • Aggressive Scan:
    whatweb -a 3 example.com
    Aggression level 3 sends extra requests to confirm matches and pin down versions; more accurate, but noticeably noisier in the target's logs.
  • Multiple Targets:
    whatweb example.com example.org
    Add -v for verbose output that explains why each technology was matched.

Task: Run WhatWeb against a test website (e.g., scanme.nmap.org) and note the technologies detected.

Outcome: You can gather information about a website’s technology stack, aiding in vulnerability identification.

Email and DNS Recon with theHarvester

theHarvester is a tool for collecting email addresses, subdomains, and hosts associated with a domain, useful for open-source intelligence (OSINT).

Using theHarvester

  • Basic Search:
    theHarvester -d example.com -b google
    Searches Google for emails and hosts related to example.com. Recent packages install the command as theHarvester (older ones used theharvester). Google often answers scripted queries with a CAPTCHA, so an empty result does not mean there is nothing to find; retry with another source such as bing, duckduckgo, or crtsh.
  • Multiple Sources:
    theHarvester -d example.com -b all
    Queries every supported source; a comma-separated list such as -b bing,crtsh,duckduckgo works too. Several sources only return data once an API key is configured in the tool's api-keys.yaml.
  • Save Output:
    theHarvester -d example.com -b google -f results
    Saves results to results.xml and results.json (older releases wrote a single HTML file instead).

Task: Use theHarvester to find emails and subdomains for a public domain (e.g., tesla.com) using the google source.

Outcome: You can collect OSINT data to map a target’s digital footprint.

DNS Enumeration with dnsenum

dnsenum enumerates DNS records to uncover subdomains, mail servers, and other DNS-related information.

Using dnsenum

  • Basic Enumeration:
    dnsenum example.com
    Lists the host address, name servers, and mail servers, then attempts a zone transfer (AXFR) against each name server; a misconfigured server that allows it hands over the entire zone in one request.
  • Brute Force Subdomains:
    dnsenum --enum -f /usr/share/dnsenum/dns.txt example.com
    Uses a wordlist to brute-force subdomains; --enum is shorthand for --threads 5 -s 15 -w (scrape Google for subdomains and run whois on the address ranges found). dnsenum checks for wildcard DNS first, because a catch-all record would otherwise make every guess appear to exist.
  • Save Output:
    dnsenum example.com -o dns_results.xml
    Writes the results as XML.
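To see why the wildcard check matters, here is the brute-force step written out by hand. This is an added example, not the article's or dnsenum's own code: it resolves a random label first, then reads labels from stdin and reports only names whose answer differs from the wildcard answer. resolve_a assumes dig (bind9-dnsutils) is available; the demo instead passes two fake resolvers with constructed answers for the invented zones example.test and wild.test, so the block runs offline.

```shell
#!/usr/bin/env sh
# Added example (not from the original article): the wordlist brute force that
# dnsenum performs, written out so the wildcard-DNS check is visible. A zone
# with a catch-all record answers every guess, so the check resolves a random
# label first and discounts hits that match its answer. resolve_a uses dig
# (bind9-dnsutils); the demo passes fake resolvers with constructed answers
# so the block runs offline. example.test and wild.test are invented names.

# Resolve A records for a name, one IP per line; non-zero exit on no answer.
resolve_a() {
  out=$(dig +short +time=2 +tries=1 A "$1" 2>/dev/null </dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$')
  [ -n "$out" ] || return 1
  printf '%s\n' "$out"
}

# Wildcard check: a label that cannot plausibly exist but still resolves means
# the zone has a catch-all record. Prints the wildcard answer, or nothing.
wildcard_ips() {
  domain=$1; resolver=${2:-resolve_a}
  "$resolver" "zz$(date +%s)x$$.$domain" 2>/dev/null || true
}

# Brute force: reads labels from stdin, prints "fqdn ip[,ip...]" for each name
# that resolves to something other than the wildcard answer.
brute_subdomains() {
  domain=$1; resolver=${2:-resolve_a}
  wc_ips=$(wildcard_ips "$domain" "$resolver")
  if [ -n "$wc_ips" ]; then
    printf '# wildcard DNS on %s answers %s; matching hits suppressed\n' \
      "$domain" "$(printf '%s' "$wc_ips" | tr '\n' ',')" >&2
  fi
  while IFS= read -r label; do
    [ -n "$label" ] || continue
    fqdn="$label.$domain"
    ips=$("$resolver" "$fqdn") || continue
    if [ -n "$wc_ips" ] && [ "$ips" = "$wc_ips" ]; then
      continue
    fi
    printf '%s %s\n' "$fqdn" "$(printf '%s' "$ips" | tr '\n' ',')"
  done
}

# Constructed zones standing in for real DNS in the offline demo.
fake_resolve() {
  case $1 in
    www.example.test)  printf '192.0.2.10\n' ;;
    mail.example.test) printf '192.0.2.20\n198.51.100.20\n' ;;
    *) return 1 ;;
  esac
}
fake_resolve_wildcard() {          # same idea, but *.wild.test is a catch-all
  case $1 in
    www.wild.test) printf '192.0.2.10\n' ;;
    *.wild.test)   printf '192.0.2.99\n' ;;
    *) return 1 ;;
  esac
}

printf 'www\nmail\nftp\ndev\n' | brute_subdomains example.test fake_resolve
printf 'www\nmail\nftp\n'      | brute_subdomains wild.test fake_resolve_wildcard
# Real use, with dig and the dnsenum wordlist:
#   brute_subdomains example.com < /usr/share/dnsenum/dns.txt
```

Against wild.test only www is reported, because mail and ftp resolve to the same 192.0.2.99 the random label did. The comparison is on the full answer set rather than on a single IP so a real host that happens to share one address with the wildcard is still reported.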

Task: Run dnsenum on a test domain and identify at least one subdomain.

Outcome: You can enumerate DNS records to discover hidden infrastructure.

Additional Reconnaissance Tools

To broaden your reconnaissance capabilities, Parrot OS includes additional tools like Netdiscover and Nikto.

Netdiscover

Netdiscover is a tool for discovering devices on a local network using ARP requests. ARP does not cross routers, so it only sees hosts in your own broadcast domain, but it finds hosts that ignore ICMP and works before your interface even has an IP address.

  • Basic Scan:
    sudo netdiscover -i eth0
    Actively sweeps the common private ranges on interface eth0; add -r 192.168.1.0/24 to limit the sweep to your own subnet.
  • Passive Mode:
    sudo netdiscover -i eth0 -p
    Listens without sending packets, recording whatever ARP traffic the network produces; slower, but silent.

Task: Use Netdiscover to identify devices on your local network.

Nikto

Nikto is a web server scanner that checks for dangerous files, outdated server software, and common misconfigurations. It sends thousands of requests and makes no attempt at stealth, so it belongs only on systems you are authorised to test.

  • Basic Scan:
    nikto -h http://example.com
    Scans for common vulnerabilities; give an https:// URL (or add -ssl) for TLS sites.
  • Output to File:
    nikto -h http://example.com -o nikto_results.html
    The report format is inferred from the file extension (.html, .csv, .txt, .xml, .json).

Task: Run Nikto against a test web server (e.g., a local DVWA instance) and review the results.

Outcome: You can use Netdiscover and Nikto to expand your reconnaissance capabilities.

Practical Exercise

  1. Use ip addr show to find your system’s IP address and ping a public server.
  2. Run a traceroute to google.com and note the number of hops.
  3. Perform an Nmap ping scan on your local network, followed by a service/version scan on a test host.
  4. Use WhatWeb to analyze a public website’s technologies.
  5. Run theHarvester and dnsenum on a test domain to collect OSINT and DNS data.
  6. Discover devices with Netdiscover and scan a test web server with Nikto.

Conclusion

Day 3 of this 7-day series has equipped you with essential networking knowledge and hands-on experience with reconnaissance tools in Parrot OS. By understanding IP addresses, ports, and protocols, and mastering tools like ifconfig, ip, ping, traceroute, netstat, Nmap, WhatWeb, theHarvester, dnsenum, Netdiscover, and Nikto, you can effectively gather intelligence about networks and systems. These skills are critical for ethical hacking and vulnerability assessments. Continue practicing in a controlled environment, and prepare for Day 4, where you will explore network analysis with Wireshark and Tcpdump.

Next Steps:

  • Practice Nmap scans on test environments like Metasploitable.
  • Explore additional Parrot OS tools like Recon-ng for advanced OSINT.
  • Engage with cybersecurity communities on platforms like X to share findings and learn best practices.
