Lab 3 Network Vulnerabilities

This lab will practice attack strategies such as foot printing, spoofing, and Denial of Service.

Exercise One

This exercise is done within the Client and Rogue.

First I need to start in the Rogue VM and start up Zenmap and set the IP target to and then click scan

The scan found all of my VMs and this can be seen in a detail within the topology tab

In the ‘Host Details’ tab you can see more details about each of the discovered machines, and how many ports they have open. The bomb icon shows that the machine has open ports ad the safe shows the machine is secure.


This slideshow requires JavaScript.

Lastly we can see all the open ports on the server by going to the ‘Ports / Hosts’ tab

Exercise Two


Now using Wireshark and setting the capture to IP and running it, then switching to the Client and pinging the Rogue we can then see what Wireshark produces.

Looking at the Wireshark results we can see ICMP request and replies from the Rogue and the Client.

Exercise Three


This lab will be going into ‘Man in the Middle’ attacks and ARP attacks.

We start in the Server VM and need to copy ftproot and wwwroot from gtslab and paste it into the inetpub folder.

Now we need to run a command of HTTP://SERVER on the Client and see The Book Company page, then make a note of the servers MAC address.

Now we need to change over to the Rogue and ping the Server and the Client and then arp to get the Server and Clients MAC address.

We now need to do the following command:  netsh interface ipv4
add neighbors Ethernet server_IP server_MAC changing the lines to suit the servers IP address and MAc address, as well as:  netsh interface ipv4 add
neighbors Ethernet client_IP client_MAC, for the client

After running these commands and running arp -a on the Rogue the type of the two machines changed from dynamic to static.

Now on the Rogue, I need to run Ettercup, select sniff and scan, this should show two results.

Now I need to add the server to target 1 and the client to target 2 and run the arp poisoning.

I need to start sniffing on Ettercap and then switch to wireshark and start capturing.

I now need to switch to the Client and ping the server then run arp -a and make note of the MAC address.

I see that the type has changed back to dynamic, I’m not too sure why that has happened.

I now need to switch back to the server and run the http://server


I had to stop the Ettercap attack and then stop Wireshark and look at the results.

The captured packets show an epmap command between the Client and the Server and the Rogues IP.


Exercise Four

This part of the lab is focused around the denial of service.

Now on the Server VM I need to open up Wireshark and capture on port 80, then switch over to the client and run the HTTP:\\Server and navigate the site and I should notice no delay.

Now I need to delete the browsing history on the CLient VM.

Now a quick look at the servers Wireshark shows SYN, ACK in a few of the captures.

Now on the Rogue, we need to run Low Orbit Ion Cannon and lock onto the server

Now as soon as I run this wireshark will light up!


Now let’s see how the site runs on the Client VM now.


This lab was good and taught me a lot about DOS attacks but I felt like the middle man lab did not make sense to me, in terms of what I was supposed to achieve.

I faced a few issues with the Ettercap not detecting my Client address, it took about three tries to find it, but that was a minor issue.

Overall this was a fun lab and I really enjoyed the DOS attack overall







Post Author: Nicholas Wilkinson

I am a 3rd year Networking Major in my IT BIT degree. I have a passion for Cloud Computing and IOT devices.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.