Using NMAP in a Virtual Lab


I will gather the appropriate tools to set up a virtual lab.  Afterward, I will use the virtual lab to demonstrate the utility of NMAP.  The NMAP demonstration will include network scanning and port analysis.


–  Windows 10 64x

–  Working internet connection

–  Internet browser

–  At least 124 MB of RAM and 20 GB of hard disk storage space

–  Passwords

–  VMware Workstation 12 Player

–  Metasploitable 2 Virtual Disk File

–  Kali Linux Virtual Disk File

–  7-Zip application


Start the lab by booting into Windows 10 and downloading the software required to establish a suitable virtual laboratory.  VMware Workstation 12 Player should be procured in order to run virtual machines.  Find the VMware download page at and download the Windows 64 bit version.  Afterward, install the VMware station with default settings.  Next, the Kali Linux virtual disk file should be retrieved in order to run offensive security tests with NMAP.  Find the virtual disk file at and download the 64 bit VM.  To verify that the file is what the developer intended to distribute, run a hash algorithm against the file and compare the value with the value listed by the distributor.  To run a hashing algorithm, a hashing program can be downloaded from  Furthermore, Metasploitable 2 will need to be acquired, which will serve as a target for penetration testing.  Download a Metasploitable 2 image from  Finally, an unzipping application will be needed to unpack the downloaded files.  Retrieve 7-Zip from and install the application.

The following steps involve the configuration and preparation of the virtual laboratory.  First, use 7-zip to unpack all downloaded zipped files and extract the contents to folders that can be found later.  Afterward, run the VMware Workstation application and left-click on “Open a Virtual Machine.”  Navigate to the folder containing the Kali Linux virtual disk file and left-click the image file.  Consequently, the Kali virtual machine will be added to VMware’s library.  Next, left-click on “Open a Virtual Machine” and select the Metasploitable 2 image to add Metasploitable to the VM library.

The next phase of the lab includes the final setup of the virtual laboratory.  Open the Kali VM by left clicking on its button in the VMware library.  Log in with username “root” and password “toor.”  Then, open the Metasploitable VM and log in as “msfadmin” using the password “msfadmin.”  Ensure that both virtual machines are set to connect to “VMnet 3.”  Configure each VM to connect to VMnet 3 by using the VMware virtual machine window to navigate to “Player”, “Manage”, and then “Network Adapter.”  Select “VMnet 3” in the Kali window and the Metasploitable window.  Next, set your IP address in Kali Linux to  In order to setup the IP address, open a terminal in Kali Linux and enter the command: “sudo ifconfig eth0”* Additionally, Metasploitable’s IP address should be configured on the same subnet.  Use Metasploitable to issue the command: “sudo ifconfig eth0”  Metasploitable will require a password after the command is issued, so enter “msfadmin.”  Then, restart the networking processes in each VM by running the command: “sudo /etc/init.d/networking restart” in Kali.  Issue the same command in Metasploitable, and when asked for a password, enter “msfadmin.”  Finally, use Metasploitable to run the command “sudo ifconfig” and record the IP address on the line “eth0” where it mentions “inet address.”  This will serve as Metasploitable’s IP address for the remainder of the lab.  If “sudo ifconfig” revealed no IP address, issue the command “sudo ifconfig eth0” to bring Metasploitable back on the subnet.

As the final phase, NMAP will be used to scan Metasploitable for vulnerabilities.  First, to verify that the VMs occupy the same network, ping Metasploitable with Kali Linux.  In the Kali Linux terminal, issue the command “sudo ping”**  If the command yields a feed of results of “ms”, then the networking is configured properly.  However, if the terminal says that the host is unavailable, try repeating prior steps.  Then, enter “CTRL+C” to stop the feed.  To begin demonstrating NMAP, use the Kali VM to enter the command “sudo nmap”  Doing so should generate a list of ports, port statuses, and services used by Metasploitable.  Next, issue the command “sudo nmap –v” to generate even more information with the “verbose” switch.  Afterward, enter the command “sudo nmap –O –v” to yield even more information about the target computer, such as the OS, the number of hops, and the kind of device.  For information about TCP prediction, IP ID sequences, service information, and system up time, issue the command “sudo nmap –sV –O –v”  Or, to conduct a simple ping scan, issue the command “sudo nmap –sP”  Moreover, to ping all hosts on the network, enter the command “sudo nmap –sP 192.168.1.*.”  To be more precise, scan the network for boxes running web servers with the command “sudo nmap –p80 192.168.1.*.”  Doing so will target port 80 on all hosts within the network.  Finally, to target multiple ports on all hosts within the network, try the command “sudo nmap –p21,23,80 192.168.1.*.”

*Commands should be issued without quotation marks.

**NMAP and ping commands should use the IP address listed by the “ifconfig” command in Metasploitable.  For the purposes of this paper, “” simply serves as a placeholder.


Figure 1: Screenshot of VMware after adding Kali and Metasploitable virtual machines.


 Figure 2: Screenshot of the virtualized Kali Linux desktop after logging in with username “root” and password “toor.”



Figure 3: Screenshot of Metasploitable LUI after logging in with username “msfadmin” and password “msfadmin.”



Figure 4: Screenshot of VMnet3 setup.  Navigate from “Player”, to “Manage”, to “Network Settings.”  Then scroll down to “VMnet3” and select it.  Apply this setting to both Kali and Metasploitable.



Figure 5: Screenshot of configuring the IP address as in Kali Linux.



Figure 6: Screenshot of configuring the IP address as in Metasploitable.



Figure 7: Screenshot of restarting network processes in Kali Linux.



Figure 8: Screenshot of Kali Linux output after issuing the network restart command.



Figure 9: Screenshot of restarting network processes in Metasploitable.



Figure 10: Screenshot of confirming IP address after restarting network processes.  Note that an IP address is lacking in the field it should be in.  Fix this by entering “sudo ifconfig eth0”



Figure 11: Screenshot of using the “ifconfig” command to confirm that the IP configuration worked.



Figure 12: Screenshot of Kali Linux pinging the newly configured Metasploitable box.



Figure 13: Screenshot of the simple NMAP command as it targets the Metasploitable box.



Figure 14: Screenshot of the output.  Note: It lists port numbers, states of the ports, and the services associated with the ports.



Figure 15: Screenshot of the NMAP command with a “-v” switch for verbose output.



Figure 16: Screenshot #1 of verbose NMAP output.



Figure 17: Screenshot #2 of verbose NMAP output.



Figure 18: Screenshot of entering command for verbose output with the –O switch.



Figure 19: Screenshot #1 of NMAP output from the –v switch and the -O switch.



Figure 20: Screenshot #2 of NMAP output with the -v switch and the -O switch.



Figure 21: Screenshot #3 of NMAP output with the -v switch and the -O switch.



Figure 22: Screenshot of entering the NMAP command with the -sV switch, and -O switch, and the -v switch.



Figure 23: Screenshot #1 of NMAP output from the -sV switch, and -O switch, and the -v switch.



Figure 24: Screenshot #2 of NMAP output from the -sV switch, and -O switch, and the -v switch.



Figure 25: Screenshot #3 of NMAP output from the -sV switch, and -O switch, and the -v switch.



Figure 26: Screenshot of using NMAP to ping the target host.



Figure 27: Screenshot of NMAP ping output.



Figure 28: Screenshot of the command to ping all hosts within the IP field.



Figure 29: Screenshot of the output made by pinging all hosts in the IP field.



Figure 30: Screenshot of command to scan port 80 on all hosts within the IP field.



Figure 31: Screenshot of output made by scanning port 80 on all hosts within the IP field.



Figure 32: Screenshot of command to scan ports 21, 23, and 80 on all hosts within the IP field.  Some output is included.



Figure 33: Screenshot of more output generated by varied port scan of all hosts within IP field.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s