top of page

Cybersecurity / IT

Untitled design (3).jpg

Network Vulnerability and Anomaly Analysis Using Nmap and Wireshark

For this school project, I conducted a network reconnaissance and analysis simulation using Nmap and Wireshark. The objective was to assess network topology, identify vulnerabilities and anomalies, and provide remediation strategies based on real-world best practices. This lab-based scenario provided me with practical experience in identifying and evaluating threats, learning how outdated systems, misconfigurations, and insecure protocols can leave a network vulnerable to compromise.

Introduction

The core of the project consisted of the following components:

  • Discover and map the network using Nmap.

  • Identify host vulnerabilities including exposed services and outdated software.

  • Analyze network packet captures (PCAPs) with Wireshark to uncover anomalous or malicious traffic.

  • Assess implications of identified risks.

  • Provide mitigation strategies using industry-recommended solutions and research.

Project Objectives

Network top 1.png
network top 2.png

🔹 1. Network Scanning with Nmap

Tool Used: Nmap (via Zenmap GUI)
Target Network: 10.168.27.0/24
Scan Type: Intense Scan Profile

Findings:

  • The network featured six active hosts connected in a star topology, all linked through a centralized switch or router.

  • This structure allows centralized management but poses a single point of failure.

Key Host Observations:

observations.jpg

Technical Steps and Tools Used

🔹 2. Vulnerability Summary from Nmap

🟠 Vulnerability #1 – FTP Service (Port 21, FileZilla)

  • Risk: Transmits data unencrypted.

  • Implication: Allows credential theft or data sniffing with tools like Wireshark.

  • Solution: Replace FTP with SFTP, which encrypts data in transit using SSH (Carrigan, 2023).
     

🔴 Vulnerability #2 – Outdated Windows Server 2008 R2

  • Risk: Unsupported OS prone to critical CVEs.

  • Implication: Open to privilege escalation and RCE attacks.

  • Solution: Upgrade to Windows Server 2019 or later, which is still supported and actively patched (Maurer, 2023).
     

🟡 Vulnerability #3 – Dual SSH Ports and Outdated OpenSSH (v5.5p1)

  • Risk: CVE-2023-38408 enables remote code execution.

  • Implication: Could be exploited to gain shell access or disrupt services.

  • Solution: Patch to latest OpenSSH version and disable unused SSH port (9090).

summ1.png
summ2.png

Technical Steps and Tools Used

Technical Steps and Tools Used

🔹 3. Packet Capture (PCAP) Analysis with Wireshark

Tool Used: Wireshark
File Analyzed: Pcap1.pcap

🔍 Anomaly #1 – Aggressive TCP Port Scanning (10.16.80.243)

  • Details: High volume of TCP SYN requests to multiple IPs on 10.168.27.0/24.

  • Detection: Non-sequential port scan activity, indicative of stealth scan.

  • Implication: Reconnaissance phase of an attack. If unaddressed, leads to targeted exploits.

🔍 Anomaly #2 – Unsecured FTP Communication (10.168.27.10)

  • Details: FTP login and file transfers observed in plaintext.

  • Implication: Exposes usernames, passwords, and file contents to interception.

🔍 Anomaly #3 – Excessive ARP Requests (10.16.80.243)

  • Details: Large volume of ARP traffic in a short time span.

  • Implication: Could indicate ARP spoofing or reconnaissance for man-in-the-middle attacks.

implications.png

Implications of Not Addressing These Risks

Nmap Vulnerabilities:

  • FTP → SFTP

    • Justification: SFTP encrypts all communication, preventing unauthorized interception (Carrigan, 2023).

  • Windows Server Upgrade

    • Upgrade to Server 2019+ to receive patches and modern security features (Maurer, 2023).

  • OpenSSH Patch & Port Hardening

    • Upgrade to latest OpenSSH version; disable port 9090 unless justified.

Wireshark Anomalies:

  • Port Scanning Mitigation

    • Use firewalls, TCP wrappers, and intrusion detection systems to log and block suspicious scanning behavior (Fortinet, 2023).

  • FTP Block and Replace

    • Block FTP at firewall level. Enforce SFTP or SCP for secure file transfers (Horan, 2023).

  • ARP Spoofing Defense

    • Implement static ARP tables where possible; use ARP inspection on managed switches (Crowdstrike, 2023).

Mitigation & Recommendations

tools.png

Technologies and Tools Used

  • Developed real-world skills in network mapping, vulnerability identification, and packet analysis.

  • Gained experience interpreting Event IDs, protocol-level anomalies, and CVE research.

  • Strengthened understanding of reconnaissance techniques and how attackers fingerprint networks.

  • Practiced correlating packet behavior with host-level findings for complete situational awareness.

Lessons Learned

This project sharpened my defensive and analytical skills in both host-based and network-level security. By combining Nmap for external scanning and Wireshark for deep network visibility, I was able to identify real-world risks and align them with industry-standard remediation tactics.

 

This hands-on experience has strengthened my ability to assess networks critically and respond with validated security solutions—an essential skill set for any cybersecurity role.

Conclusion

  • Carrigan, D. (2023). What is SFTP and Why It’s Secure. Retrieved from [Microsoft Docs].

  • Maurer, W. (2023). End of Support for Windows Server 2008 R2. Microsoft. Retrieved from [support.microsoft.com].

  • CrowdStrike. (2023). What is ARP Spoofing?. Retrieved from [crowdstrike.com].

  • Horan, M. (2023). Why SFTP is Safer Than FTP. Retrieved from [SANS Institute].

  • Fortinet. (2023). How to Prevent Port Scan Attacks. Retrieved from [fortinet.com].

References

bottom of page