
Internal Discovery

Net User

C:\>net user

Administrator eLS Guest HelpAssistant jessica kirk mrjohn netadmin SUPPORT_388945a0

C:\>Net Accounts
Force user logoff how long after time expires?: Never
Minimum password age (days): 3
Maximum password age (days): 32
Minimum password length: 4
Length of password history maintained: None
Lockout threshold: 3
Lockout duration (minutes): 11
Lockout observation window (minutes): 8
Computer role: WORKSTATION
The command completed successfully.

IPTables

#iptables -vn -L //verbose, numeric output, list the rules in every chain
#iptables -A OUTPUT -d 10.10.10.14 -j DROP //Append to the OUTPUT chain: outbound traffic towards 10.10.10.14 is dropped

Set up iptables rules to track the bytes generated by a scan.

iptables -I INPUT 1 -s <ip> -j ACCEPT

iptables -I OUTPUT 1 -d <ip> -j ACCEPT

iptables -Z

Then Scan

nmap -sT <ip> //TCP connect scan of the top 1000 ports; makes 72KB of traffic

Then check the byte counts

#iptables -vn -L

We can clear the counters for another scan

iptables -Z //zero the packet and byte counters

We then do a full range port scan

nmap -sT -p 1-65535 <ip> //scan makes 4.5MB of traffic but may also find more open ports

//So a full port scan of a /24 network will result in 1000MB of traffic

#!/bin/bash
# Launch the script, then launch something like an nmap scan to see how much traffic it generated.
# Make it executable first with chmod 755.
ip="${1:?target ip required}"   # target IP, passed as the first argument

# Reset all counters and iptables rules (-F flushes every rule in the filter table).
iptables -Z && iptables -F

# Measure incoming traffic from ip
iptables -I INPUT 1 -s "$ip" -j ACCEPT

# Measure outgoing traffic to ip
iptables -I OUTPUT 1 -d "$ip" -j ACCEPT
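
To read the scan's byte count from the `iptables -vn -L` listing without adding it up by hand, the following added example (not part of the original notes) sums the INPUT and OUTPUT counters for one host. The function names `scan_bytes` and `sample_listing` are hypothetical and the sample listing is constructed; the parser assumes the default column layout and that `-v` abbreviates large counters with K/M/G as powers of 1000.

```shell
#!/bin/sh
# Added example: sum the byte counters that `iptables -vn -L` shows for one host.
# Real use (as root): iptables -vn -L | scan_bytes 10.10.10.14

# scan_bytes IP: reads the listing on stdin, prints "<in> <out> <total>" in bytes.
scan_bytes() {
    awk -v ip="$1" '
        # iptables -v abbreviates large counters as K/M/G (powers of 1000, rounded).
        function to_bytes(v,    n, u) {
            n = v + 0; u = substr(v, length(v))
            if (u == "K") return n * 1000
            if (u == "M") return n * 1000000
            if (u == "G") return n * 1000000000
            return n
        }
        /^Chain / { chain = $2; next }                         # remember the current chain
        chain == "INPUT"  && $8 == ip { rx += to_bytes($2) }   # match on the source column
        chain == "OUTPUT" && $9 == ip { tx += to_bytes($2) }   # match on the destination column
        END { printf "%.0f %.0f %.0f\n", rx, tx, rx + tx }
    '
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1012 40520 ACCEPT     all  --  *      *       10.10.10.14          0.0.0.0/0
   10   600 ACCEPT     all  --  *      *       10.10.10.99          0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1004   32K ACCEPT     all  --  *      *       0.0.0.0/0            10.10.10.14
EOF
}

sample_listing | scan_bytes 10.10.10.14
```

Because abbreviated counters are rounded, totals above roughly 100KB are approximate; `iptables -vnx -L` prints exact values if precision matters.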
