pete > courses > Crash Course in System Security (CSCI 1005), Winter 2025 > Day 14
Day 14: Network Reconnaissance
how do you find a computer if you don’t know its IP address?
broadcast ping! but what if it’s blocked?
broadcast ARP! but what if it’s blocked?
how can you know what specific software is running on a computer?
fingerprinting
New(ish) tools
- nmap
- iptables
- netstat
Exercises
Examine DHCP
Install Wireshark on your host (ie, not the virtual machine). Figure out how to make the host request a new DHCP lease and observe the packets that comprise the request/response procedure.
Network mapping
As a class, collate your various traceroutes and produce a map of the network in and around Middlebury. If you’re ambitious, create this map computationally (eg, using GraphViz). If you can, make associations between physical locations and network locations (ie, subnets). What conclusions can you draw about the network topology?
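One way to build the map computationally, as an added example rather than anything from the course: parse each person's traceroute output into a hop list, join consecutive hops into edges, and emit a GraphViz DOT file. The two traceroute transcripts embedded below are constructed sample data (the hostnames and addresses are made up and are not Middlebury's network); non-responding hops (`* * *`) get an anonymous node per source so that two people's silent hop 3 are not silently assumed to be the same router.

```python
"""Collate several traceroute outputs into a GraphViz DOT graph.

Added example for the network-mapping exercise. SAMPLE_TRACES is constructed
data: the router names and addresses are invented, not real hops.
"""
import re
from collections import defaultdict

# Constructed traceroute output from two hosts that share a campus core.
SAMPLE_TRACES = {
    "lab-host-a": """traceroute to example.net (203.0.113.10), 30 hops max
 1  gw.lab.example (10.0.1.1)  0.412 ms  0.380 ms  0.371 ms
 2  core.example (10.0.0.1)  1.102 ms  1.050 ms  1.020 ms
 3  * * *
 4  border.example (192.0.2.1)  4.211 ms  4.190 ms  4.150 ms
 5  203.0.113.10 (203.0.113.10)  9.871 ms  9.800 ms  9.750 ms
""",
    "dorm-host-b": """traceroute to example.net (203.0.113.10), 30 hops max
 1  gw.dorm.example (10.0.2.1)  0.512 ms  0.480 ms  0.471 ms
 2  core.example (10.0.0.1)  1.302 ms  1.250 ms  1.220 ms
 3  * * *
 4  border.example (192.0.2.1)  4.311 ms  4.290 ms  4.250 ms
 5  203.0.113.10 (203.0.113.10)  9.971 ms  9.900 ms  9.850 ms
""",
}

# A hop line is "<ttl>  <name> (<ip>) ..." or "<ttl>  * * *" for a silent hop.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\(([\d.]+)\)|(\*))")


def parse_traceroute(text, source):
    """Return [(node_id, label), ...] in hop order for one traceroute.

    Responding hops are identified by IP so that the same router seen from
    several sources collapses into one node. Silent hops get an id that is
    unique to this source: we cannot tell whether two silent hops are the
    same device, so the conservative choice is to keep them separate.
    """
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, name, ip, _star = m.groups()
        if ip:
            hops.append((ip, f"{name}\\n{ip}"))
        else:
            hops.append((f"{source}:hop{ttl}", f"? (hop {ttl} from {source})"))
    return hops


def collate(traces):
    """Return (edges, labels): directed hop adjacencies plus node labels."""
    edges = set()
    labels = {}
    for source, text in traces.items():
        labels[source] = source
        prev = source
        for node, label in parse_traceroute(text, source):
            labels[node] = label
            edges.add((prev, node))
            prev = node
    return edges, labels


def shared_hops(traces):
    """Responding hops seen from more than one source: likely core/border routers."""
    seen = defaultdict(set)
    for source, text in traces.items():
        for node, _label in parse_traceroute(text, source):
            if ":hop" not in node:
                seen[node].add(source)
    return {ip for ip, sources in seen.items() if len(sources) > 1}


def to_dot(edges, labels):
    """Render the graph as DOT text (feed to `dot -Tpng`)."""
    lines = ["digraph network {", "  rankdir=LR;"]
    for node, label in sorted(labels.items()):
        lines.append(f'  "{node}" [label="{label}"];')
    for a, b in sorted(edges):
        lines.append(f'  "{a}" -> "{b}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    edges, labels = collate(SAMPLE_TRACES)
    print(to_dot(edges, labels))
    print("# shared hops:", sorted(shared_hops(SAMPLE_TRACES)))
```

Replace `SAMPLE_TRACES` with a dict of everyone's real output and pipe the result through `dot -Tpng -o map.png`. Hops that appear in many traces (the output of `shared_hops`) are the aggregation points; comparing which first hop each source sees is the quickest way to associate physical locations with subnets.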
Host mapping
Groups of two. One of you sets up netcat to listen; the other uses nmap to find where the host is listening. Figure out how to use iptables to selectively prevent nmap from being able to find the listener. (Consider what might differentiate a connection you want to accept from a connection you don't want to accept.)
Host exploration
Read the nmap manpage. Experiment with it. See what open ports you can find on your group’s machines. Use netcat or scapy to initiate connections to these ports and see how they respond. Send (semi)random data to these ports to see how they respond.
Port-knocking
Configure your firewall to drop or reject all incoming connections by default. Further, configure it to log all rejected incoming packets. Write a program that monitors the system log for those rejected packets; upon seeing a particular pattern, it should add a firewall rule that allows traffic from the originating machine. (This program might be easier to write in, eg, python rather than bash.)
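A sketch of the monitoring program, written as an added example for this exercise and not supplied by the course. It assumes the reject rule uses the iptables `LOG` target with `--log-prefix "DROPIN: "` (the prefix is an assumption), that those messages land in a kernel log such as `/var/log/kern.log` with the usual `[ seconds.micros]` uptime stamp, and it uses a constructed knock sequence (7000, 8000, 9000) to unlock port 22. The log lines embedded in `SAMPLE_LOG` are constructed; the addresses are not real hosts. By default it only returns the rule it would add, so the state machine can be exercised without touching the firewall.

```python
"""Port-knock monitor for the port-knocking exercise (added example).

Assumptions, all labelled: the firewall's LOG rule uses the prefix "DROPIN: ",
the knock sequence is 7000 -> 8000 -> 9000 within 10 s, and a correct knock
unlocks TCP/22 for the knocking source.
"""
import re
import subprocess
import time

LOG_PREFIX = "DROPIN: "              # assumed --log-prefix on the LOG rule
KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed knock sequence
KNOCK_WINDOW = 10.0                  # seconds allowed for the whole sequence
OPEN_PORT = 22                       # service unlocked by a correct knock

FIELD_RE = re.compile(r"\b(SRC|DPT|PROTO)=(\S+)")
TIME_RE = re.compile(r"\[\s*(\d+\.\d+)\]")  # kernel uptime stamp in kern.log

# Constructed sample log: 10.0.0.5 knocks correctly; 10.0.0.7 looks like a
# scanner (hits 7000, then 22, then the rest far too late); 10.0.0.9 knocks
# correctly but too slowly; 10.0.0.8 uses UDP, which we ignore.
SAMPLE_LOG = """\
Jan 14 10:00:01 vm kernel: [ 100.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.9 PROTO=TCP SPT=40001 DPT=7000 SYN
Jan 14 10:00:01 vm kernel: [ 100.500000] DROPIN: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.9 PROTO=TCP SPT=40002 DPT=8000 SYN
Jan 14 10:00:02 vm kernel: [ 101.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.9 PROTO=TCP SPT=40003 DPT=9000 SYN
Jan 14 10:00:02 vm kernel: [ 101.200000] DROPIN: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.9 PROTO=TCP SPT=50000 DPT=7000 SYN
Jan 14 10:00:02 vm kernel: [ 101.300000] DROPIN: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.9 PROTO=TCP SPT=50001 DPT=22 SYN
Jan 14 10:00:21 vm kernel: [ 120.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.9 PROTO=TCP SPT=50002 DPT=8000 SYN
Jan 14 10:00:22 vm kernel: [ 121.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.9 PROTO=TCP SPT=50003 DPT=9000 SYN
Jan 14 10:00:22 vm kernel: [ 121.500000] DROPIN: IN=eth0 OUT= SRC=10.0.0.8 DST=10.0.0.9 PROTO=UDP SPT=60000 DPT=7000 LEN=8
Jan 14 10:00:31 vm kernel: [ 130.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.9 PROTO=TCP SPT=41000 DPT=7000 SYN
Jan 14 10:00:32 vm kernel: [ 131.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.9 PROTO=TCP SPT=41001 DPT=8000 SYN
Jan 14 10:00:46 vm kernel: [ 145.000000] DROPIN: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.9 PROTO=TCP SPT=41002 DPT=9000 SYN
"""


def parse_log_line(line):
    """Return (src_ip, dst_port, timestamp) for a rejected TCP packet, else None."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or "SRC" not in fields or "DPT" not in fields:
        return None
    m = TIME_RE.search(line)
    stamp = float(m.group(1)) if m else time.time()
    return fields["SRC"], int(fields["DPT"]), stamp


class KnockTracker:
    """Per-source progress through the knock sequence; any wrong port resets."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.progress = {}  # src -> (index of next expected knock, time of first knock)

    def observe(self, src, port, now):
        """Feed one rejected packet; return True when the sequence completes."""
        idx, started = self.progress.get(src, (0, now))
        if now - started > self.window:      # too slow: start over
            idx, started = 0, now
        if port != self.sequence[idx]:       # wrong port: forget this source
            self.progress.pop(src, None)
            return False
        idx += 1
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, started)
        return False


def allow_rule(src, port=OPEN_PORT):
    """iptables command that unlocks `port` for `src`, inserted above the default drop."""
    return ["iptables", "-I", "INPUT", "-p", "tcp", "-s", src,
            "--dport", str(port), "-j", "ACCEPT"]


def process_lines(lines, tracker, dry_run=True):
    """Run log lines through the tracker; return the sources that were unlocked."""
    unlocked = []
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        src, dport, stamp = parsed
        if tracker.observe(src, dport, stamp):
            if not dry_run:
                subprocess.run(allow_rule(src), check=True)
            unlocked.append(src)
    return unlocked


def follow(path):
    """Yield lines appended to `path`, like `tail -F` (assumed log location)."""
    with open(path) as fh:
        fh.seek(0, 2)
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(0.2)


if __name__ == "__main__":
    print("dry run:", process_lines(SAMPLE_LOG.splitlines(), KnockTracker()))
    # Real use (needs root): process_lines(follow("/var/log/kern.log"), KnockTracker(), dry_run=False)
```

Two things to check when you wire this up for real: the LOG rule must sit before the final DROP (otherwise the knocks are never logged), and the ACCEPT rule this inserts is permanent, so a finished version should also expire it after some minutes and prefer `-m conntrack --ctstate ESTABLISHED` for the ongoing connection rather than a standing hole for that source.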