Mapping entire network...an easy way?
Hi there!
I hope this is the right forum... (if not... please, don't kill me, I'm not a native English speaker :().
I'm currently working on a simple GUI for sslstrip, but I need some advice on how to retrieve via bash all the "live" hosts without knowing the netmask of an interface.
An example...
I wanna scan my network over eth0 and the only thing that I "know" atm is the current IP and the interface that I wanna use.
Is there a way to scan my network with only these parameters, or should I work hard on the netmask? (if it's 255.255.255.0 it's quite simple...).
Any idea?
Many thanks!
Re: Mapping entire network...an easy way?
You can always narrow down your netmask by sliding the MSB to the right.
Re: Mapping entire network...an easy way?
Here's what's in my script - hope it's helpful.
There are a couple of ways to do everything.
Code:
interface="$(route -n | awk '$1 == "0.0.0.0" {print $8; exit}')" # Interface carrying the default route - facing the network you want to spoof (must be set before it is used below)
lanip="$(ifconfig $interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}')" # LAN IP Address
ip_address="$(ifconfig $interface | grep "Bcast" | awk '{print $2}' | cut -c6-)" # IP Address (same value as $lanip, parsed differently)
router="$(ip route | grep default | awk '{ print $3}')" # Gives us The Gateway IP address
netmask="$(ifconfig $interface | grep Mask | awk '{print $4}' | cut -c6-)" # Netmask in dotted-decimal form, e.g. 255.255.255.0
subnet="$(ip route show dev $interface | awk '/scope link/ && index($1, "/") {print $1; exit}')" # Connected network in CIDR form; the first line of "ip route" is often "default", so match the connected route instead of line 1
wanip="$(wget www.whatismyip.com/automation/n09230945.asp -O - -o /dev/null)" # WAN IP Address
And for the victims you will need to install arp-scan:
apt-get install arp-scan
Use
Code:
arp-scan $router/24 -I $interface
or
arp-scan $subnet -I $interface
Re: Mapping entire network...an easy way?
Thanks to all.
Hey scamentology, this "arp-scan $router/24 -I $interface" only scans within 255.255.255.0, or am I wrong? (if I've got a different subnet, should I use arp-scan $subnet -I $interface, or am I wrong?)
I'll try these solutions ASAP!
Re: Mapping entire network...an easy way?
You can take a look at my script too http://www.backtrack-linux.org/forum...g-traffic.html, it's very well commented, so you shouldn't have any problem understanding it.
As for only mapping: nmap -sn gatewayip/24, or /16 if you want to map more. What's your subnet?
Re: Mapping entire network...an easy way?
Yes, but if you do that on a network using multiple netmasks you could make a mess out of the network and piss off the admin. Unless you are just using this to spy on your neighbor, in which case you're no better than someone who looks into someone's window at night. It's creepy.
That being the case I would stick to the netmask assigned to you and move around accordingly. Have whatever scan you use just output the data but not act on it until you are ready.
Quote: Originally Posted by michelinok
Thanks to all.
Hey scamentology, this "arp-scan $router/24 -I $interface" only scans within 255.255.255.0, or am I wrong? (if I've got a different subnet, should I use arp-scan $subnet -I $interface, or am I wrong?)
I'll try these solutions ASAP!
Re: Mapping entire network...an easy way?
Quote: Originally Posted by Scamentology
Yes, but if you do that on a network using multiple netmasks you could make a mess out of the network and piss off the admin. Unless you are just using this to spy on your neighbor, in which case you're no better than someone who looks into someone's window at night. It's creepy.
That being the case I would stick to the netmask assigned to you and move around accordingly. Have whatever scan you use just output the data but not act on it until you are ready.
I see what you're getting at, but it might just be that his network is not of the most common "private" type, which is C. If he has a B type subnet for instance, his question is justified.
Anyway, what michelinok should do is read about subnets and netmasks and adapt according to his case.
Re: Mapping entire network...an easy way?
Use the following subnet masks: /25 = 2^1 subnets * 2^7-2 hosts, /26 = 2^2 subnets * 2^6-2 hosts, and so on.
Instead of CIDR notation you can also simply write subnet masks in dotted-decimal notation:
/25 = 255.255.255.128, /26 = 255.255.255.192.
Re: Mapping entire network...an easy way?
Quote: Originally Posted by comaX
I see what you're getting at, but it might just be that his network is not of the most common "private" type, which is C. If he has a B type subnet for instance, his question is justified.
Anyway, what michelinok should do is read about subnets and netmasks and adapt according to his case.
You get it at 99,5% ;)
What I really wanna do is an "automated" detection of the subnet, nothing else.
I know that in 98% of the cases it'll be 255.255.255.0, but if not? I don't want the user to be forced to type his subnet :)
Sorry for my English... I hope you've understood now :) (or "understand now"? :confused:)
Re: Mapping entire network...an easy way?
If you did glance at my script you'd have found what you're looking for ^^
Code:
search=$(ip route show | awk '/scope link/ && index($1, "/") { print $1; exit }') #store gateway/24 for whole network mapping to variable
#(match the connected-network route rather than line 1: on many systems the first line of "ip route show" is "default", which nmap cannot use as a target)
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
I wrote #store gateway/24 because that's what it is in 98% of the cases. But if it changes, the var will change too, accordingly.
Then nmap -sn $search
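The thread keeps circling around one thing: reading the real prefix length of the interface instead of assuming /24, and converting between CIDR and dotted-decimal masks (the /25 = 255.255.255.128 post above) so the ping sweep covers exactly the connected network. The following is an added example, not code from the thread or from any poster's script: a small POSIX shell library that does that conversion and network calculation in pure shell arithmetic. The only assumption about the system is iproute2's `ip -o -4 addr show dev <iface>` output format (address/prefix in field 4), used by `iface_network`; the `$sample` line below is constructed, not captured from a real host, so everything else runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): derive the connected network of an
# interface in CIDR form with plain shell arithmetic, so the host sweep covers
# the real subnet whatever its prefix length, not an assumed /24.
# Assumes iproute2's `ip -o -4 addr show dev <iface>` output format for the
# live path; every other function works on strings and can be tested offline.

# Dotted-quad IPv4 -> unsigned 32-bit integer (e.g. 192.168.1.37 -> 3232235813)
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Unsigned 32-bit integer -> dotted quad
int_to_ip4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length -> integer netmask (24 -> 0xFFFFFF00); 4294967295 is 0xFFFFFFFF
prefix_to_int_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Prefix length -> dotted netmask (25 -> 255.255.255.128), as in the post above
prefix_to_mask() {
    int_to_ip4 "$(prefix_to_int_mask "$1")"
}

# Dotted netmask -> prefix length; fails on a non-contiguous mask such as 255.255.0.255
mask_to_prefix() {
    m=$(ip4_to_int "$1")
    n=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do     # count leading one bits
        n=$(( n + 1 ))
        m=$(( (m << 1) & 4294967295 ))
    done
    [ "$m" -eq 0 ] || { echo "non-contiguous netmask: $1" >&2; return 1; }
    echo "$n"
}

# Usable host addresses for a prefix: 2^(32-p) - 2, except /31 (RFC 3021) and /32
usable_hosts() {
    case $1 in
        32) echo 1 ;;
        31) echo 2 ;;
        *)  echo $(( (1 << (32 - $1)) - 2 )) ;;
    esac
}

# Address + prefix length -> network in CIDR form (192.168.1.37 24 -> 192.168.1.0/24)
network_of() {
    echo "$(int_to_ip4 $(( $(ip4_to_int "$1") & $(prefix_to_int_mask "$2") )))/$2"
}

# Network CIDR from one line of `ip -o -4 addr show` output (field 4 is addr/prefix)
cidr_from_ip_line() {
    set -- $1
    network_of "${4%/*}" "${4#*/}"
}

# Live version: read the interface's first IPv4 address from iproute2
iface_network() {
    line=$(ip -o -4 addr show dev "$1" 2>/dev/null | head -n 1)
    [ -n "$line" ] || { echo "no IPv4 address on $1" >&2; return 1; }
    cidr_from_ip_line "$line"
}

# The ping-sweep command from the thread, built from the detected network
sweep_command() {
    echo "nmap -sn $(network_of "$1" "$2")"
}

# Demonstration on a constructed sample line (not captured from a real host)
sample='3: eth0    inet 172.16.9.77/22 brd 172.16.11.255 scope global eth0\       valid_lft forever preferred_lft forever'
echo "network: $(cidr_from_ip_line "$sample")"         # 172.16.8.0/22
echo "usable hosts: $(usable_hosts 22)"                # 1022
echo "mask: $(prefix_to_mask 22)"                      # 255.255.252.0
```

On a live box, `iface_network eth0` replaces the `$subnet`/`$search` lines from the scripts above and never returns "default", because it reads the address and prefix from the interface itself rather than from the routing table; `mask_to_prefix "$netmask"` covers the case where only the old ifconfig-style dotted mask is available.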