Introduction

This lab focuses on the practical application of techniques discussed in the Cyber Reconnaissance lecture. Your class will be split up into a Blue team and a Gold team, where each team will gather as much information as possible about the security posture of the opposite team. The purpose of this task is, of course, to prepare you all for the inevitable cyber attack against your opponent that will follow next week.

Virtual Environment

Virtual Machine OS. The virtual machines you will use in the next three labs run an operating system called Backtrack Linux, a member of the Linux family of operating systems. Backtrack and its successor, Kali Linux, are used both by the good guys, called "penetration testers" or "pen-testers" for short, and by the bad guys. Backtrack and Kali contain an arsenal of cyber reconnaissance and attack tools. However, you should only use them on controlled systems where you have permission, and never to attack a real-world system without legal authority.

You have permission to conduct active and passive reconnaissance within the course virtual environment.

Accessing the Virtual Environment

Reconnaissance Lab Introduction

Reconnaissance Activity

Using the guidance below, gather as much information as possible about your opponent's network in the given time. In general you will be:

  1. Running a command to get data (the output from the command).
  2. Processing that data to turn it into information about the target network.
  3. Compiling that information into knowledge about the target network for use in planning and conducting attack operations.

Record what you find on your worksheet!

Your Objective


You are provided the following information (some of it you should record on your worksheet!):
Publicly Available Information

                blue.net        gold.net
  IP block:     1.1.1.1-255     2.2.2.1-255
  DNS Server:   1.1.1.64        2.2.2.187

You will be trying to obtain the following information:
  • Your host IP Address and its domain name
  • A list of IP Addresses and hostnames for key hosts on your network.
  • A list of target host IP Addresses and their domain names
  • For each target host:
    • a list of open ports and the service running on them
    • name and version information for each running service
    • operating system name and version
  (⇧ Fill in the items above on the front of the worksheet)
  • A network map showing all routers between you and your opponent.
  • A list of usernames and potential passwords
  • A concentric circle diagram of the target network
  (⇧ Draw the items above on the back of the worksheet)

Note: Be sure you have used ifconfig to get your own host IP Address (look for "inet addr" next to the eth0 output) and use nslookup to determine your host domain name and your team's web server and name server domain names/IP Addresses. Record the information on the top of your worksheet where your name and alpha are located.
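The note above, worked as an added example (not part of the original lab handout): raw command output (data) is parsed into fields (information) and written as one worksheet line. The sample outputs are constructed; the address 1.1.1.77, the MAC address and the hostname ws77.blue.net are assumptions chosen to fit the blue.net block, and the parser assumes the legacy `ifconfig` layout that prints "inet addr:".

```shell
#!/bin/sh
# Constructed sample of legacy net-tools `ifconfig` output (not from a real host).
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:cc
          inet addr:1.1.1.77  Bcast:1.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOF
}

# Constructed sample of `nslookup 1.1.1.77` output (hostname is an assumption).
sample_nslookup() {
cat <<'EOF'
Server:         1.1.1.64
Address:        1.1.1.64#53

77.1.1.1.in-addr.arpa   name = ws77.blue.net.
EOF
}

# Print the IPv4 address of interface $1 from ifconfig text on stdin.
iface_addr() {
  awk -v ifc="$1" '
    /^[^ \t]/ { cur = $1 }          # a line starting in column 0 names the interface
    cur == ifc && /inet addr:/ {    # only accept the address inside that stanza
      sub(/.*inet addr:/, ""); sub(/[ \t].*/, ""); print; exit
    }'
}

# Print the hostname from the "name = " line of a reverse lookup on stdin,
# dropping the trailing dot of the fully qualified name.
ptr_name() {
  awk '/name = / { sub(/.*name = /, ""); sub(/\.$/, ""); print; exit }'
}

# Combine both parsed fields into the line recorded at the top of the worksheet.
worksheet_line() {
  ip=$(sample_ifconfig | iface_addr eth0)
  name=$(sample_nslookup | ptr_name)
  printf 'host IP: %s  domain name: %s\n' "$ip" "$name"
}

worksheet_line
```

On the lab virtual machine, the same functions read live output instead of the samples: `ifconfig | iface_addr eth0`, then `nslookup` on that address piped into `ptr_name`.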

Network Barrier Exploration


Map the Target Network


Host Barrier Exploration


Website Reconnaissance

Summary

By the end of the lab, you should have drawn a "concentric circles" target diagram of your opponent's network, like the one shown in the Cyber Reconnaissance lecture.