Bardissi Enterprises Blog

Nmap for n00bs (Part 2) Fumbling toward a hacker’s-eye view of your network

In Part 1 of this series, we introduced you to network scanners in general, and an excellent free one in particular, Nmap. You also learned how to obtain and install Nmap. Here in Part 2, you’ll use Nmap to find out how many devices are active on your network. In Part 3, tomorrow, you’ll try your first network scan, and we’ll explain how to interpret the results.

This series assumes you have mastered basic concepts of networking, but do not have a lot of experience managing network security. To understand what follows, you should have a working grasp of IP addresses, subnet masks, and slash notation.

Getting Oriented on Your Own Network

If you’re going to scan your whole network at once (and you are!), you need to know your network address: a single address, written together with its subnet mask or prefix length, that stands for the entire network.

You can find your network address easily from the command line. If you don’t have a Windows command prompt open, open one now (if you don’t know how, refer to the last paragraphs of Part 1). At the blinking prompt, type ipconfig and press Enter. Your results will differ from ours in the details, but will look generally like this:

C:\Program Files\Nmap>ipconfig 
Windows IP Configuration 
Ethernet adapter Wireless Network Connection 3: 
Connection-specific DNS Suffix . : 
IP Address. . . . . . . . . . . . : 192.168.111.34
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.39.14
C:\Program Files\Nmap>

If you or your predecessor designed your network with one of the most common subnet masks, 255.255.255.0 (in slash notation, /24), 255.255.0.0 (/16), or 255.0.0.0 (/8), it’s easy to work out your network address: the mask tells you how many leading octets identify the network, and the remaining octets of the network address are all zero. In the sample IPCONFIG above, our test computer has the address 192.168.111.34 and the mask 255.255.255.0, or /24. That mask says the first three octets (192.168.111) designate the network, so the fourth octet of the network address is zero, and the network address of our sample computer is 192.168.111.0/24.

However, when a network has been subdivided into smaller pieces using a less common mask (255.255.255.128, or /25, and 255.255.255.224, or /27, for instance), the network address won’t necessarily end in zero, and finding it means ANDing the address with the mask bit by bit. Don’t worry, though; we have a trick that will tell you your network address without any binary arithmetic at all.

The ROUTE command lists every route in your computer’s routing table. It’s intended to show how your computer reaches other networks, but that’s not how you’ll use it today. Besides routes to other networks, the table contains a route for your own, directly connected local network, which Windows builds from your interface address and subnet mask. So we’ll use ROUTE to display that local route, and in that way read off your network address.

In the command prompt, type:

route print 192* 

If appropriate, replace the “192” with the first octet of your own computer’s IP address (which you learned from your IPCONFIG results). Then press Enter. Your results should resemble Figure 1 (showing your own IP addresses, of course):

Much of the ROUTE command’s output is information about your network card that we don’t care about right now. The line of interest (highlighted in Figure 1) is the one whose Network Destination is paired with your subnet mask as its Netmask; in our output it reads 192.168.111.0 with the netmask 255.255.255.0, that is, 192.168.111.0/24. It is normally the first address you see, but check it: skip the default route (destination 0.0.0.0) and the host routes with a 255.255.255.255 netmask, and what remains for your interface is your network address.
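As an added illustration (not code from the original article), the Python script below does both things this section describes: it computes the network address by ANDing the host address with its mask, which also handles the uncommon masks mentioned above, and it picks the directly connected route out of a route print listing so the two answers can be checked against each other. The route table text is constructed for the example, following the Windows layout (older versions show the interface address instead of “On-link” in the Gateway column, which the code allows for), and the addresses reuse the article’s sample host.

```python
import ipaddress
import re
from typing import Optional


def network_address(ip: str, mask: str) -> str:
    """Return the network in CIDR form for a host address and dotted subnet mask.

    ipaddress performs the bitwise AND of address and mask; strict=False lets
    us pass a host address rather than the all-zeros network address.
    """
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return str(net)


# Constructed sample of `route print` output (IPv4 table only), modelled on the
# Windows layout. The host 192.168.111.34 is the article's sample computer.
ROUTE_PRINT_SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.111.1   192.168.111.34     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
    192.168.111.0    255.255.255.0         On-link    192.168.111.34    281
   192.168.111.34  255.255.255.255         On-link    192.168.111.34    281
  192.168.111.255  255.255.255.255         On-link    192.168.111.34    281
"""

# destination, netmask, gateway, interface, metric
ROUTE_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)


def local_network_from_route_table(route_output: str, interface_ip: str) -> Optional[str]:
    """Find the directly connected route for interface_ip and return it as CIDR.

    Skips the default route (mask 0.0.0.0), the per-host /32 entries
    (mask 255.255.255.255), and anything that goes through a gateway.
    """
    for line in route_output.splitlines():
        m = ROUTE_LINE.match(line)
        if not m:
            continue  # headers, separators, blank lines
        dest, mask, gateway, iface, _metric = m.groups()
        if iface != interface_ip:
            continue
        if mask in ("0.0.0.0", "255.255.255.255"):
            continue
        # Older Windows versions list the interface address itself as the
        # gateway for directly connected routes instead of "On-link".
        if gateway not in ("On-link", interface_ip):
            continue
        return str(ipaddress.IPv4Network(f"{dest}/{mask}"))
    return None


if __name__ == "__main__":
    host, mask = "192.168.111.34", "255.255.255.0"
    calculated = network_address(host, mask)
    from_table = local_network_from_route_table(ROUTE_PRINT_SAMPLE, host)
    print("calculated:", calculated)
    print("route table:", from_table)
    print("agree" if calculated == from_table else "MISMATCH: check your mask")
    # A subdivided network no longer ends in zero:
    print("/27 example:", network_address(host, "255.255.255.224"))
```

The check at the end is the point: if the calculated address and the route-table entry disagree, either the mask you read from IPCONFIG is wrong or you are looking at the wrong route line.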

Presto! You now have the address you need in order to scan your entire network. So let’s get back to Nmap.

How Nmap counts your networked devices

We’re helping you get acquainted with Nmap, but you hardly need us if you’re willing to experiment a little and read a lot. To access Nmap’s help file, at the command prompt just type nmap and press Enter. That’s one convenient way to learn about Nmap’s options.

Nmap is a port scanner, but you can use it to do many other things. For starters, we’ll use its ping scan to automate the task of counting how many computers are currently active on your network. In the command prompt, type

nmap -sP 192.168.111.0/24

(Of course, replace our sample network address with your own. In Nmap 4.20, the version shown here, the ping-scan option is spelled -sP; current releases call it -sn and still accept -sP as an alias.) You should see a result similar to this:

C:\Program Files\Nmap>nmap -sP 192.168.111.0/24
Starting Nmap 4.20 (http://www.insecure.org/nmap ) at 2007-05-08 12:18 Pacific Standard Time
Host 192.168.111.1 appears to be up.
MAC Address: 00:01:02:55:73:C3 (3com)
Host 192.168.111.3 appears to be up.
MAC Address: 00:10:5A:27:5C:44 (3com)
Host 192.168.111.254 appears to be up.
MAC Address: 00:90:7F:2E:1D:FB (WatchGuard Technologies)
Host frodolinux.hogwarts.lsstest.dyndns.org (192.168.111.16) appears to be up.
MAC Address: 00:04:76:22:C6:65 (3 Com)
Host 192.168.111.34 appears to be up.
Host 192.168.111.126 appears to be up.
MAC Address: 00:10:4B:0E:E6:E6 (3com)
Nmap finished: 256 IP addresses (6 hosts up) scanned in 5.797 seconds

When you ran that command, Nmap probed every address in the range you supplied and listed the ones that answered. Because the scanning computer sat on the same Ethernet segment as its targets, Nmap used ARP requests rather than ICMP pings for those probes; that is why it could print a MAC address and vendor for each host, and why a host that silently drops ICMP still shows up. (The one host with no MAC address, 192.168.111.34, is the scanning computer itself.) So the list of IP addresses in our sample result shows the networked devices that currently respond. In this example, Nmap found the following six IPs active on our test network:

  • 192.168.111.1
  • 192.168.111.3
  • 192.168.111.254
  • 192.168.111.16
  • 192.168.111.34
  • 192.168.111.126

As you might guess, this is not the most accurate count possible. If you divide your network into segments with an internal firewall or router, the devices on the far side are no longer on your Ethernet segment, so Nmap has to fall back to ICMP and TCP probes, which the firewall may block, hiding those devices. Devices that are powered off when you scan won’t respond either. But the results are still useful. Repeat the command over time to learn what “normal” is on your network. If a daily scan typically returns 18 to 22 authorized devices, and one day it finds 35, you know it’s time to investigate. (Maybe one of the engineers added a rogue wireless access point and now the neighboring businesses are piggybacking onto your WiFi Internet access.)
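The “learn what normal is” advice above is easiest to follow with a script, so here is an added example (not part of the original article) that reads the grepable output Nmap writes when you add -oG (for example: nmap -sn -oG today.txt 192.168.111.0/24), counts the hosts reported as up, and compares them with a baseline set of known devices. The scan text and the baseline are constructed for the example: the baseline is the six hosts from the article’s scan, and the sample scan has 192.168.111.126 missing and a hypothetical 192.168.111.200 newly present.

```python
import re
from typing import Dict, List, Set

# Constructed sample of Nmap's grepable output ("-oG file") for a ping scan.
# Hosts mirror the article's test network, except that 192.168.111.126 is
# absent and a hypothetical 192.168.111.200 has appeared.
SCAN_SAMPLE = """\
# Nmap 7.94 scan initiated Mon May  6 08:00:01 2024 as: nmap -sn -oG today.txt 192.168.111.0/24
Host: 192.168.111.1 ()\tStatus: Up
Host: 192.168.111.3 ()\tStatus: Up
Host: 192.168.111.16 (frodolinux.hogwarts.lsstest.dyndns.org)\tStatus: Up
Host: 192.168.111.34 ()\tStatus: Up
Host: 192.168.111.200 ()\tStatus: Up
Host: 192.168.111.254 ()\tStatus: Up
# Nmap done at Mon May  6 08:00:07 2024 -- 256 IP addresses (6 hosts up) scanned in 5.80 seconds
"""

# The six hosts the article's scan found, used here as the "normal" baseline.
BASELINE: Set[str] = {
    "192.168.111.1", "192.168.111.3", "192.168.111.16",
    "192.168.111.34", "192.168.111.126", "192.168.111.254",
}

# "Host: <ip> (<hostname>)<TAB>Status: Up"
HOST_LINE = re.compile(r"^Host:\s+(\d+\.\d+\.\d+\.\d+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def ip_key(ip: str):
    """Sort key so that 192.168.111.3 sorts before 192.168.111.16."""
    return tuple(int(octet) for octet in ip.split("."))


def hosts_up(grepable_output: str) -> Dict[str, str]:
    """Return {ip: hostname} for every host the scan reported as Up."""
    found: Dict[str, str] = {}
    for line in grepable_output.splitlines():
        if line.startswith("#"):
            continue  # Nmap's header and footer comment lines
        m = HOST_LINE.match(line)
        if m and m.group(3) == "Up":
            found[m.group(1)] = m.group(2)
    return found


def compare_to_baseline(current: Set[str], baseline: Set[str]) -> Dict[str, List[str]]:
    """Split the live hosts into expected, newly seen, and now silent."""
    return {
        "new": sorted(current - baseline, key=ip_key),
        "missing": sorted(baseline - current, key=ip_key),
        "expected": sorted(current & baseline, key=ip_key),
    }


def report(grepable_output: str, baseline: Set[str]) -> str:
    """Human-readable summary: the count, then anything that changed."""
    live = hosts_up(grepable_output)
    diff = compare_to_baseline(set(live), baseline)
    lines = [f"{len(live)} hosts up ({len(diff['expected'])} in baseline)"]
    for ip in diff["new"]:
        lines.append(f"NEW      {ip:<16} {live[ip] or '-'}")
    for ip in diff["missing"]:
        lines.append(f"MISSING  {ip}")
    return "\n".join(lines)


if __name__ == "__main__":
    # In real use, read today.txt (written by nmap -oG) instead of SCAN_SAMPLE
    # and load BASELINE from a file you maintain as devices are authorized.
    print(report(SCAN_SAMPLE, BASELINE))
```

A newly seen address is the interesting case (a rogue access point, an unknown laptop); a missing one is usually just a device that is switched off, but a gateway or server going quiet is worth a look too. Grepable output is the right format for this because Nmap’s normal, human-readable output changes wording between versions, while the Host/Status lines are meant to be parsed.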

If you have many active IPs on your network, your Nmap ping results quickly scroll off the command prompt window. Here are two ways to run the same command while managing the output differently. You can use these with any command line application:

  • To pause output before it scrolls off screen, add | more
    Example: nmap -sP 192.168.111.0/24 | more
    (Press your spacebar or the Enter key to continue output)
  • To capture output to a text file, redirect it to a file name
    Example: nmap -sP 192.168.111.0/24 > filename.txt
    (Change “filename” to any name you like)

Nmap also has its own option for this: adding -oN filename.txt saves a copy of the normal output to the file while still showing it on screen.

Using Nmap to automate your pings, rather than manually pinging hundreds of addresses yourself, is cool. You now know how many devices respond on your network. But that’s not even Nmap’s primary purpose! You want to use it to port scan your network. So let’s do it in Part 3, tomorrow.
