Efficient Information Gathering using NMAP and NBTSCAN: Case study on 172.19.19.0 IP Address

Objectives/Methods: In this work, we identify the IP addresses of all the machines on the network that we are scanning. Along with each IP address, we also obtain the operating system, and its version, running on the machine. We also list the open ports of every machine connected to the network. Finally, we list the services running on every open port of the machines connected to the network, using NMAP and NBTSCAN as scanning tools. Findings: NMAP is one of the most powerful information-gathering tools available in the cybersecurity domain.


Introduction
Information gathering gives us an idea of how much of an organization's data is publicly accessible and may help an ethical hacker compromise the network, as shown in Figure 1.
We take 172.19.19.0 as the Internet Protocol (IP) address block assigned to the target organization in our case study. We used NMAP and NBTSCAN to discover live hosts in our target network. We looked for e-papers, e-articles, confidential information relating to partners, news of mergers, data related to acquisitions, and schematics of the network infrastructure. We scanned the entire 172. 19

Literature Survey
Across the world, companies have teams of ethical hackers collecting threat data to protect their existing systems from ongoing cyber-threats and to manage a strong cyber security workforce [1]. NMAP is one of the best information-gathering programs in the current era. Eventually, the researcher uses NBTSCAN to create host scan attacks [2]. Multiple steps related to either live or dead forensics data gathering are designed by the researcher. Then, they analyse the DHCP requests to trace the attacking laptop [3]. Multiple reports of various formats are collected from different network scanning tools in [4]. Information sources can be accessed automatically through an information-gathering methodology [5]. These information-gathering techniques are useful for collecting essential information [6]. Some researchers analyse this methodology and present a generic framework for gathering and utilising widely distributed data in an expanding internet-based world [7]. Attack tracing also indirectly helps to collect information that supports detailed information gathering [8]. Some researchers have also used high-interaction honeypots to collect information related to the target network [9].

Methodology
We used NMAP and NBTSCAN to discover live hosts in the network. We scanned 172.19.19.0 to discover live hosts in this network, as shown in Figure 2.
Using the NBTSCAN command, we scanned the addresses in 172.19.19 to discover live nearby networks, as shown in Figure 2. We then used NBTSCAN again on a different network, 10.0.0.0, to discover live hosts there, as shown in Figure 3. We scanned 172.0.0.0 to discover live hosts in that network, as shown in Figure 4.
We scanned every host in the 172.19.19.0 range to identify its open ports, the services running on them, and the operating system of the machine. We scanned 172.19.19.1 to identify its open ports, running services and operating system, as shown in Figure 5. Figure 5 shows the NMAP output for 172.19.19.1, in which we found all the open ports on that host. We scanned 172.19.19.2 to identify its open ports, services and operating system, as shown in Figure 6.
We scanned 172.19.19.3 to identify its open ports, running services and operating system, as shown in Figures 7-8. We scanned 172.19.19.4 to identify its open ports, running services and operating system, as shown in Figure 9. We scanned 172.19.19.5 to identify its open ports, running services and operating system, as shown in Figure 10. In this figure, we found a complete description for mainly two ports, from which we identified the operating system, which is the main thing. Figure 13.
We scanned 172.19.19.8 to find the same things, that is, the open ports and the system version, in order to find a vulnerability to get into the system, as shown in Figure 14. We scanned 172.19.19.9 to identify its open ports, running services and operating system, as shown in Figure 15. On 172.19.19.9 we found different services, such as NetBIOS and Microsoft. We continued by scanning 172.19.19.10 to find further open ports, running services and the operating system, as shown in Figure 16

Conclusion
In this work, we used NMAP and NBTSCAN. Both NMAP and NBTSCAN are powerful tools available in the cyber security domain for information gathering or scanning of a network. In future, we shall use other information-gathering tools to list the services available on the open ports of the machines in the target network. In future, we shall also close the open ports in order to enhance cyber security. There is also an open scope to do denial of service attacks with the help of open ports.