hands-on lab

Interpreting Security Tool Output

Up to 40m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Security tools greatly simplify the task of assessing the security of your environments. However, there is still room for interpretation of reported results and analysis of data. In this Lab, you will use two popular security tools and learn how to understand more about what the tools are doing and how to interpret their results.

You will use Kali Linux as the security platform. You will scan a vulnerable host on the local network and analyze live traffic. The local network for this Lab is contained within a Hyper-V virtual environment. The hosts on the network consist of a variety of Linux and Windows hosts.

This Lab is designed for the CREST Practitioner Security Analyst (CPSA) certification examination but is of value to security practitioners in general.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Perform fast and full port scans of targets using Nmap
  • Understand the steps Nmap takes in performing scans
  • Analyze network traffic using Wireshark
  • Use Wireshark to understand how security tools communicate over the network

Lab Prerequisites

You should be familiar with:

  • Nmap and ARP Scanner basics
  • TCP/IP and OSI network model basics

You can fulfill the prerequisites by completing the Network Mapping and Target Identification Lab and the OSI and TCP/IP Networking Models Course.



July 9th, 2020 - Enabled direct browser RDP connection for a streamlined experience

Environment before

Environment after

About the author

Logan Rakai, opens in a new tab
Lead Content Developer - Labs
Learning paths

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

LinkedIn, Twitter, GitHub

Covered topics

Lab steps

Interpreting the Output of a Fast Mode Nmap Scan
Interpreting the Output of a Full Nmap Scan
Interpreting Live Traffic Analysis with Wireshark