Thread: Mapping entire network...an easy way?


  1. #1 michelinok (Senior Member, Join Date: Apr 2006, Posts: 154)

    Mapping entire network...an easy way?

    Hi there!
    I hope this is the right forum... (if not, please don't kill me, I'm not a native English speaker).

    I'm currently working on a simple GUI for sslstrip, but I need some advice on how to retrieve, via bash, all the "live" hosts without knowing the netmask of an interface.
    An example...
    I want to scan my network over eth0, and the only thing that I "know" at the moment is the current IP and the interface that I want to use.
    Is there a way to scan my network with only these parameters, or should I work hard on the netmask? (If it's 255.255.255.0 it's quite simple...)

    Any idea?

    Many thanks!

  2. #2 (Member, Join Date: May 2011, Location: Israel, Posts: 74)

    Re: Mapping entire network...an easy way?

    You can always narrow down your netmask by sliding the MSB to the right.
    Scientia ac Labore

  3. #3 Scamentology (Senior Member, Join Date: May 2010, Posts: 198)

    Re: Mapping entire network...an easy way?

    Here's what's in my script - hope it's helpful.
    There are a couple of ways to do everything.
    Code:
    interface="$(route | grep -v Gateway | head -n 5 | tail -n -1 | awk -F " " '{print $8}')"  # Interface facing the network you want to spoof (set first: lanip below uses it)
    lanip="$(ifconfig $interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}')"          # LAN IP address of that interface ("addr:x.x.x.x" split on ":")
    ip_address="$(ifconfig | grep "Bcast" | awk '{print $2}' | cut -c6-)"                         # IP address of the first interface that has a broadcast address
    router="$(ip route | grep default | awk '{ print $3}')"                                       # Default gateway IP address
    netmask="$(ifconfig | grep Mask | awk '{print $4}' | cut -c6-)"                               # Netmask of the first interface listed ("Mask:" prefix stripped)
    subnet="$(ip route | awk '{print $1}' | head -1)"                                             # Destination of the first route, e.g. 192.168.1.0/24
    wanip="$(wget www.whatismyip.com/automation/n09230945.asp -O - -o /dev/null)"                 # WAN IP address
    and for the victims you will need to install arp-scan:
    Code:
    apt-get install arp-scan
    use
    Code:
    arp-scan $router/24 -I $interface
    or
    Code:
    arp-scan $subnet -I $interface
    Last edited by Scamentology; 06-01-2011 at 05:57 AM.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  4. #4 michelinok (Senior Member, Join Date: Apr 2006, Posts: 154)

    Re: Mapping entire network...an easy way?

    Thanks to all.
    Hey Scamentology, this "arp-scan $router/24 -I $interface" only scans within 255.255.255.0, or am I wrong? (If I have a different subnet, should I use arp-scan $subnet -I $interface, or am I wrong?)

    I'll try these solutions asap!

  5. #5 Scamentology (Senior Member, Join Date: May 2010, Posts: 198)

    Re: Mapping entire network...an easy way?

    Yes, but if you do that on a network using multiple netmasks you could make a mess out of the network and piss off the admin. Unless you are just using this to spy on your neighbor, in which case you're no better than someone who looks into someone's window at night. It's creepy.

    That being the case, I would stick to the netmask assigned to you and move around accordingly. Have whatever scan you use just output the data but not act on it until you are ready.

    Quote Originally Posted by michelinok:
        Thanks to all.
        Hey Scamentology, this "arp-scan $router/24 -I $interface" only scans within 255.255.255.0, or am I wrong? (If I have a different subnet, should I use arp-scan $subnet -I $interface, or am I wrong?)

        I'll try these solutions asap!
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  6. #6 comaX (Good friend of the forums, Join Date: Feb 2010, Location: Paris, France, Posts: 338)

    Re: Mapping entire network...an easy way?

    Quote Originally Posted by Scamentology:
        Yes, but if you do that on a network using multiple netmasks you could make a mess out of the network and piss off the admin. Unless you are just using this to spy on your neighbor, in which case you're no better than someone who looks into someone's window at night. It's creepy.

        That being the case, I would stick to the netmask assigned to you and move around accordingly. Have whatever scan you use just output the data but not act on it until you are ready.
    I see what you're getting at, but it might just be that his network is not of the most common "private" type, which is C. If he has a B type subnet for instance, his question is justified.

    Anyway, what michelinok should do is read about subnets and netmasks and adapt according to his case.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  7. #7 michelinok (Senior Member, Join Date: Apr 2006, Posts: 154)

    Re: Mapping entire network...an easy way?

    Quote Originally Posted by comaX:
        I see what you're getting at, but it might just be that his network is not of the most common "private" type, which is C. If he has a B type subnet for instance, his question is justified.

        Anyway, what michelinok should do is read about subnets and netmasks and adapt according to his case.
    You get it at 99,5%.
    What I really want to do is an "automated" detection of the subnet, nothing else.
    I know that in 98% of the cases it'll be 255.255.255.0, but if not? I don't want the user to be forced to type his subnet.

    Sorry for my English... I hope you've understood now (or "understand now"?)

  8. #8 comaX (Good friend of the forums, Join Date: Feb 2010, Location: Paris, France, Posts: 338)

    Re: Mapping entire network...an easy way?

    You can take a look at my script too: http://www.backtrack-linux.org/forum...g-traffic.html. It's very well commented, so you shouldn't have any problem understanding it.

    As for only mapping: nmap -sn gatewayip/24, or /16 if you want to map more. What's your subnet?
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  9. #9 (Member, Join Date: May 2011, Location: Israel, Posts: 74)

    Re: Mapping entire network...an easy way?

    Use the following subnet masks: /25 = 2^1 subnets * (2^7 - 2) hosts, /26 = 2^2 subnets * (2^6 - 2) hosts, and so on.
    Instead of CIDR notation you can also simply write the subnet masks in dotted-decimal notation:
    /25 = 255.255.255.128, /26 = 255.255.255.192.
    Scientia ac Labore

  10. #10 comaX (Good friend of the forums, Join Date: Feb 2010, Location: Paris, France, Posts: 338)

    Re: Mapping entire network...an easy way?

    If you did glance at my script you'd have found what you're looking for ^^
    Code:
    search=$(ip route show | awk '(NR == 1) { print $1}') # store gateway/24 for whole-network mapping in a variable
    # We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
    # so there is no need to do it twice.
    I wrote "#store gateway/24" because that's what it is in 98% of the cases. But if it changes, the var will change too, accordingly.

    Then: nmap -sn $search
    Last edited by comaX; 06-02-2011 at 12:50 PM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !
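    The answers above either hard-code /24 or take the first line of `ip route`, which on current Linux is usually the default route ("default via ...") rather than the connected subnet. The script below is an added example written for this thread, not code from the original posts or from either poster's script: it derives the network in CIDR form from the interface's own address and netmask, so the /25, /26 and /16 cases mentioned in posts #8 and #9 come out right without the user typing a mask. It is POSIX sh; the live lookup in network_for_interface assumes iproute2's `ip` is installed, and all function and variable names are my own.

    ```shell
    #!/bin/sh
    # Added example (not from the thread): compute "network/prefix" for an
    # interface from its IPv4 address and netmask instead of assuming /24.
    # Pure POSIX sh arithmetic; only network_for_interface needs the `ip` tool.

    # Dotted quad -> 32-bit integer (192.168.1.37 -> 3232235813).
    ip_to_int() {
        oldifs=$IFS; IFS=.
        set -- $1                # split the address on dots into $1..$4
        IFS=$oldifs
        echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    }

    # 32-bit integer -> dotted quad.
    int_to_ip() {
        echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
    }

    # Dotted-decimal netmask -> prefix length (255.255.255.192 -> 26).
    # Fails on a non-contiguous mask such as 255.0.255.0, which a /24 shortcut
    # would silently accept.
    mask_to_prefix() {
        m=$(ip_to_int "$1")
        bits=0
        n=$m
        while [ "$n" -ne 0 ]; do          # popcount of the mask
            bits=$(( bits + (n & 1) ))
            n=$(( n >> 1 ))
        done
        if [ "$bits" -eq 0 ]; then expected=0
        else expected=$(( (4294967295 >> (32 - bits)) << (32 - bits) )); fi
        [ "$m" -eq "$expected" ] || { echo "non-contiguous netmask: $1" >&2; return 1; }
        echo "$bits"
    }

    # "addr/prefix" -> "network/prefix" (172.16.5.200/26 -> 172.16.5.192/26).
    network_from_cidr() {
        case $1 in */*) ;; *) echo "expected ADDR/PREFIX, got $1" >&2; return 1 ;; esac
        addr=${1%/*}
        prefix=${1#*/}
        if [ "$prefix" -eq 0 ]; then mask=0
        else mask=$(( (4294967295 >> (32 - prefix)) << (32 - prefix) )); fi
        echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$prefix"
    }

    # Address plus dotted netmask -> "network/prefix"
    # (192.168.1.37 255.255.255.0 -> 192.168.1.0/24).
    network_from_ip_mask() {
        prefix=$(mask_to_prefix "$2") || return 1
        network_from_cidr "$1/$prefix"
    }

    # Live lookup. Assumption: `ip -o -4 addr show dev eth0` prints one line per
    # address whose 4th field is already in CIDR form, e.g. 192.168.1.37/24,
    # so no ifconfig parsing is needed.
    network_for_interface() {
        cidr=$(ip -o -4 addr show dev "$1" | awk 'NR == 1 { print $4 }')
        [ -n "$cidr" ] || { echo "no IPv4 address on $1" >&2; return 1; }
        network_from_cidr "$cidr"
    }

    # Run directly as: sh netrange.sh eth0   -> prints e.g. 192.168.1.0/24
    if [ "$#" -eq 1 ]; then
        network_for_interface "$1"
    fi
    ```

    The result is what you would hand to the scanner instead of $router/24; a mask that is not a run of ones followed by zeros is rejected rather than guessed at, so a misconfigured interface shows up as an error instead of a scan of the wrong range.
    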
