Laboratory Exercise: Cyber Basics - Reconnaissance and Network Scanning Lab

This introductory lab has students scanning a small network subnet using nmap to identify live hosts and open ports. Targets include three virtual machines: a web server, a vulnerable Samba server, and an FTP server, as well as other open network ports. It teaches Linux utilities for reconnaissance and scanning such as whois, ifconfig, and nmap with various command-line switches.

Faculty Instructions

Resources required

This exercise requires a Kali Linux VM running in the Virginia Cyber Range.

This lab exercise requires an account on The Range.  To sign up for an account on The Range, please visit our Sign-Up page.  Your students will also require an account on the Virginia Cyber Range; this will be explained in the setup of your course.

Virtual Environment: The environment for this lab contains four virtual machines (VMs) in a single subnet: one Kali Linux VM, plus three target Linux VMs with various open ports and vulnerabilities. One VM hosts DVWA, an intentionally vulnerable suite of web applications used to teach web application penetration testing and defenses. Another VM hosts a vulnerable Samba server. The Samba vulnerability is not exploited in the exercise, but exercises could be developed by the instructor for that purpose. The third target VM is a FTP server. This VM is also not used in this exercise, but it could be used to observe FTP traffic between the Kali Linux box and the FTP server. The FTP server also has intentionally weak user passwords and could be ripe for a password guessing attack. This Virtual Environment is sufficient for all of the ‘Cyber Basics’ exercises listed here, so there is no need to download further exercises; students can simply complete all of their exercises in this environment.

Cyber Basics - Reconnaissance and Network Scanning Lab Handout

Log In
to download materials

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0111: Knowledge of common network tools (e.g., ping, traceroute, nslookup) and interpret the information results.
  • K0300: Knowledge of network mapping and recreating network topologies.
  • K0307: Knowledge of common network tools (e.g., ping, traceroute, nslookup).
  • K0471: Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
  • A0055: Ability to operate common network tools (e.g., ping, traceroute, nslookup).
* NSA/DHS Center of Excellence (CAE) KUs Addressed
  • Networking Concepts

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_Knowledge_Units.pdf