Penetration Testing mailing list archives
Re: [PEN-TEST] subnet discovery
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () DELOITTE CO ZA>
Date: Mon, 19 Mar 2001 13:27:13 +0200
You could use nmap for this.

nmap -sP -PI -n -vv range | grep subnet | cut -f2 -d'(' | cut -f1 -d')'

Will give you a list of network broadcast addresses.

Of course, if there are no computers in the subnet (apart from the router), you will get no extra responses, and nmap will not be able to detect this.

As in:

[root@neo /root]# nmap -sP -PI -vv -n 192.168.0.0-5

Starting nmap V. 2.54BETA1 by fyodor () insecure org ( www.insecure.org/nmap/ )
Host (192.168.0.0) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host.
Host (192.168.0.1) appears to be up.
Host (192.168.0.2) appears to be down.
Host (192.168.0.3) appears to be down.
Host (192.168.0.4) appears to be down.
Host (192.168.0.5) appears to be down.
Nmap run completed -- 6 IP addresses (1 host up) scanned in 3 seconds

There exists an ICMP netmask message, which might also work. Have a look at hping2.

http://www.kyuzz.org/antirez/hping.html

Actually, looking at the source, it doesn't support ICMP_ADDRESS requests. Maybe you can hack it. Also have a look at hping3, linked from the same site, although there doesn't seem to be much code yet.

Linux also doesn't support ICMP_ADDRESS, it seems, from "man icmp", so Linux 2.2+ machines probably won't answer this type of ICMP message.

Rogan

-----Original Message-----
From: Jason Ellison [mailto:infotek () DATASYNC COM]
Sent: 18 March 2001 10:15
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] subnet discovery

Has anyone seen a tool that does ping sweeps and detects DUP packets, outputting results into a nice parsable format?
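The grep/cut pipeline in the reply keeps only the broadcast addresses. As an added example (not part of the original post), the shell functions below turn the same scan output into tab-separated records that also keep the extra-ping count and the up/down state. They assume the line wording of the nmap 2.54BETA1 output quoted in the message; the function names `sample_output`, `parse_sweep` and `broadcast_addrs` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Sample input: the scan output quoted in the message above.
sample_output() {
    cat <<'EOF'
Starting nmap V. 2.54BETA1 by fyodor () insecure org ( www.insecure.org/nmap/ )
Host (192.168.0.0) seems to be a subnet broadcast address (returned 2 extra pings). Skipping host.
Host (192.168.0.1) appears to be up.
Host (192.168.0.2) appears to be down.
Host (192.168.0.3) appears to be down.
Host (192.168.0.4) appears to be down.
Host (192.168.0.5) appears to be down.
Nmap run completed -- 6 IP addresses (1 host up) scanned in 3 seconds
EOF
}

# Read sweep output on stdin; write "address<TAB>state<TAB>extra_pings".
parse_sweep() {
    awk '
    /^Host \(/ {
        addr = $2
        gsub(/[()]/, "", addr)
        # Ignore lines whose address field is not a dotted quad.
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if ($0 ~ /subnet broadcast address/) {
            # Pull the number out of "(returned N extra pings)".
            extra = $0
            sub(/.*\(returned /, "", extra)
            sub(/ extra ping.*/, "", extra)
            printf "%s\tbroadcast\t%s\n", addr, extra
        } else if ($0 ~ /appears to be up/) {
            printf "%s\tup\t0\n", addr
        } else if ($0 ~ /appears to be down/) {
            printf "%s\tdown\t0\n", addr
        }
    }'
}

# Same result as the grep/cut pipeline: broadcast addresses only.
broadcast_addrs() {
    parse_sweep | awk -F '\t' '$2 == "broadcast" { print $1 }'
}

sample_output | parse_sweep
```

With a live scan, the nmap command from the message would be piped into `parse_sweep` in place of `sample_output`.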