Segmentation Testing

When performing segmentation tests for PCI compliance, there aside from my Nmap scans there are a few things I've wanted to keep jotted down. This section contains my notes.

Below are some basic commands to use while performing segmentation testing. It should be noted that these should be modified in order to be more thorough.

ICMP

nmap -sn $subnet -oA ICMP_Check

TCP

nmap -sS -Pn -p- $subnet -oA TCP_Scan

UDP

nmap -sU -Pn --top-ports 1000 $subnet -oA UDP_Scan

IPv6

nmap -6 $ipv6address -oA IPv6_Scan

Reporting

The following table is an example of how to report the results of a segmentation test:

IP Address	Port	Protocol	Service
10.1.1.1	53	tcp	DNS
10.2.2.2	80	tcp	HTTP
10.3.3.3	445	tcp	SMB

Notes

When performing a segmentation test against FortiGate devices, port 113/TCP may appear against every host as: closed. This is not a firewall misconfiguration. This documentation details more on this issue.
When a port appears as open|filtered after performing a UDP scan, try running the following to verify if it is open:

nmap -sUC -p $port $ipaddress

Segmentation tests should note all open ports regardless of the business use case. If a business needs a port open, jusitifcation should be provided in the report.

PreviousNetwork Sniffing NextSimple Network Management Protocol (SNMP)

Last updated 10 months ago