Network scanning

This post focuses on tools and techniques for looking at an IPv4 network and finding out which hosts respond, which TCP ports they have open and, where possible, what operating system they run. The tools covered are Nmap, Zenmap and Wireshark.


Nmap

Nmap can be found here: https://nmap.org/ (Linux) or http://nmap.org/book/inst-windows.html (Windows)


Command Examples:

Scan IP addresses 10.0.1.1 through 10.0.1.254 looking for hosts with TCP port 80 open. In the STATE column, open means the port answered the SYN probe with a SYN/ACK, closed means it answered with a RST (the host is up but nothing is listening), and filtered means nothing came back, or an ICMP unreachable did, usually because a firewall dropped the probe. The SERVICE column is only a lookup of the port number in Nmap's services table, not a probe of what is really listening (that takes -sV), and Nmap does not try to guess the operating system unless you ask for it with -O. The MAC address and vendor appear because the targets are on the same LAN, so Nmap finds them with ARP.

$ sudo nmap -p 80 10.0.1.1-254

Example Results

Starting Nmap 6.46 ( http://nmap.org ) at 2015-05-21 06:29 CDT
Nmap scan report for 10.0.1.1
Host is up (0.0025s latency).
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 88:1F:A1:28:66:84 (Apple)
Nmap scan report for 10.0.1.2
Host is up (0.0023s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 6C:33:A9:1C:FD:77 (Magicjack LP)
Nmap scan report for 10.0.1.3
Host is up (0.0027s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 88:1F:A1:28:66:84 (Apple)
Nmap scan report for 10.0.1.5
Host is up (0.0025s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 68:05:CA:10:B7:78 (Intel Corporate)
Nmap scan report for 10.0.1.6
Host is up (0.27s latency).
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 00:22:4C:D1:4B:EC (Nintendo Co.)
Nmap scan report for 10.0.1.97
Host is up (0.17s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 68:A3:C4:B3:37:D3 (Liteon Technology)

Options

You can scan a range of ports by changing "-p 80" to, for example, "-p 80-443":

$ sudo nmap -p 80-443 10.0.1.1-254

Other switches worth knowing: -sn skips the port scan and only reports which hosts are up (host discovery), -O turns on OS detection, and -sV probes the open ports to identify the real service and version instead of just looking the port number up in Nmap's services table. OS detection needs raw packets and therefore root; the sudo in the examples also makes Nmap use its default SYN scan (-sS), whereas without root it falls back to a full TCP connect scan (-sT), which is slower and noisier.
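As an added example (not code from the original post), here is a small POSIX shell script that parses Nmap's normal output, like the results shown above, and lists the hosts with a given port state, so a /24 scan can be reduced to "which hosts actually have port 80 open" without reading every report by eye. The sample scan embedded in it is the post's own result listing, so the script runs offline; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): filter Nmap normal output by port
# state. The sample below is the post's own scan output, embedded as a here-doc
# so the script runs with no network access.

sample_scan() {
    cat <<'EOF'
Starting Nmap 6.46 ( http://nmap.org ) at 2015-05-21 06:29 CDT
Nmap scan report for 10.0.1.1
Host is up (0.0025s latency).
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 88:1F:A1:28:66:84 (Apple)
Nmap scan report for 10.0.1.2
Host is up (0.0023s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 6C:33:A9:1C:FD:77 (Magicjack LP)
Nmap scan report for 10.0.1.3
Host is up (0.0027s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 88:1F:A1:28:66:84 (Apple)
Nmap scan report for 10.0.1.5
Host is up (0.0025s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 68:05:CA:10:B7:78 (Intel Corporate)
Nmap scan report for 10.0.1.6
Host is up (0.27s latency).
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 00:22:4C:D1:4B:EC (Nintendo Co.)
Nmap scan report for 10.0.1.97
Host is up (0.17s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 68:A3:C4:B3:37:D3 (Liteon Technology)
EOF
}

# hosts_with_state STATE   (reads Nmap normal output on stdin)
# Prints "ip port/proto" for every port line whose STATE column matches.
# Handles both "Nmap scan report for 10.0.1.5" and
# "Nmap scan report for host.example (10.0.1.5)" report headers.
hosts_with_state() {
    awk -v want="$1" '
        /^Nmap scan report for / {
            ip = $5
            if ($6 ~ /^\(/) { ip = $6; gsub(/[()]/, "", ip) }
        }
        # port lines look like "80/tcp open  http"; $2 is the state
        $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == want { print ip, $1 }
    '
}

# count_with_state STATE   (reads Nmap normal output on stdin)
# Number of matching port lines, for a one-line summary.
count_with_state() {
    hosts_with_state "$1" | wc -l | tr -d ' '
}

# Against a real scan you would pipe Nmap in instead of the sample, e.g.
#   sudo nmap -p 80 10.0.1.1-254 | ./nmap_state.sh
sample_scan | hosts_with_state open
```

The awk program keys on the "Nmap scan report for" line to remember the current host, then matches only lines whose first field is a port/protocol pair, so header lines (PORT STATE SERVICE), "Host is up" lines and MAC lines are ignored. Run the sample through it and the only host with port 80 open is 10.0.1.5.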

Zenmap

Zenmap is the official GUI front end for Nmap. If the command-line switches are not for you, Zenmap builds the Nmap command from your GUI choices and shows it to you, so it is also a good way to learn the switches.

Download here: https://nmap.org/zenmap/


Wireshark

Wireshark is a packet capture and analysis tool: it lets you open pcap files or capture live traffic from a network interface (it listens rather than scans). Keep in mind that on a switched network you normally only see traffic to or from your own computer, plus broadcast and multicast, unless one of the following is true:

  1. You are plugged into a switch port with port mirroring (SPAN) enabled, and the switch ports you want to sniff are mirrored to that port
  2. You are plugged into a hub, which repeats every frame out of every port
  3. You only want the broadcast traffic (ARP, DHCP and the like), which every host on the segment receives anyway (strange, but it could happen)

In all of these cases the capture interface must be in promiscuous mode (Wireshark's default), so the network card passes up frames that are not addressed to it; promiscuous mode on its own does not help when the switch never delivers other hosts' frames to your port.

Download: https://www.wireshark.org/ (also listed with other sniffers at http://sectools.org/tag/sniffers/)
