How to discovery all ip on a network

<<

KH3

Newbie

Posts: 7

Joined: Mon Sep 17, 2007 4:25 pm

Location: Europe

Post Mon Sep 17, 2007 4:32 pm

How to discovery all ip on a network

As a new pentester, I wonder how to discover all IPs on a network if you have a connection to the network and don't know what's on the net, incl. machines on routed networks.

Any good hints or tools?

KH3
<<

LSOChris

Post Mon Sep 17, 2007 5:45 pm

Re: How to discovery all ip on a network

nmap -sP 192.168.0.0/24
<<

EmanoN

Newbie

Posts: 41

Joined: Wed Sep 12, 2007 3:37 pm

Post Mon Sep 17, 2007 6:09 pm

Re: How to discovery all ip on a network

Host discovery is the very first skill for a security pro or a hacker. The first thing a hacker does when he goes to a coffee shop is connect to the network and ifconfig and see what DHCP gave him. If his IP is something like 192.168.9.105, then he has an idea of the network range and then will attempt a host discovery. He will first try the default -sS nmap option just to look for low-hanging fruit. If anything shows up with -sS or -sT then he knows those might be easier targets. If nothing appears then he steps up his scans. Nmap is the premier open source scanner. There was a tut about it posted on this site and that's how I found this place from Slashdot, but now it's gone. No worries, because there are many free nmap tuts out there. Make sure it's free; I saw this one dude trying to sell the "secret" of nmap and that's total BS. The only secret is to download and start working with it and not just read about it!
Last edited by EmanoN on Mon Sep 17, 2007 6:16 pm, edited 1 time in total.
<<

KH3

Newbie

Posts: 7

Joined: Mon Sep 17, 2007 4:25 pm

Location: Europe

Post Tue Sep 18, 2007 1:14 am

Re: How to discovery all ip on a network

EmanoN wrote: Host discovery is the very first skill for a security pro or a hacker. The first thing a hacker does when he goes to a coffee shop is connect to the network and ifconfig and see what DHCP gave him. If his IP is something like 192.168.9.105, then he has an idea of the network range and then will attempt a host discovery. He will first try the default -sS nmap option just to look for low-hanging fruit. If anything shows up with -sS or -sT then he knows those might be easier targets. If nothing appears then he steps up his scans. Nmap is the premier open source scanner. There was a tut about it posted on this site and that's how I found this place from Slashdot, but now it's gone. No worries, because there are many free nmap tuts out there. Make sure it's free; I saw this one dude trying to sell the "secret" of nmap and that's total BS. The only secret is to download and start working with it and not just read about it!


Thanks - I know of and use Nmap. The question here is not how to discover hosts on the LAN where you have an IP, but on the connected WAN. This is on a closed network with branches. So is there a sure and quick way to discover hosts connected on other segments (via Cisco routers)? I cannot assume that the other IP segments are the same class network.
<<

KH3

Newbie

Posts: 7

Joined: Mon Sep 17, 2007 4:25 pm

Location: Europe

Post Tue Sep 18, 2007 1:15 am

Re: How to discovery all ip on a network

ChrisG wrote: nmap -sP 192.168.0.0/24


Thanks - I know of and use Nmap. The question here is not how to discover hosts on the LAN where you have an IP, but on the connected WAN. This is on a closed network with branches. So is there a sure and quick way to discover hosts connected on other segments (via Cisco routers)? I cannot assume that the other IP segments are the same class network.
<<

LSOChris

Post Tue Sep 18, 2007 6:25 am

Re: How to discovery all ip on a network

Look at the routing table on the exploited host then.

It should tell you other networks that it is/has been using regularly.
<<

EmanoN

Newbie

Posts: 41

Joined: Wed Sep 12, 2007 3:37 pm

Post Tue Sep 18, 2007 10:39 am

Re: How to discovery all ip on a network

Depending on how the router is configured, you can sometimes use a tool like Proxycap to tunnel through and then run your scans.
<<

termight

Newbie

Posts: 26

Joined: Tue Aug 21, 2007 5:50 pm

Location: MARS

Post Thu Oct 04, 2007 6:34 pm

Re: How to discovery all ip on a network

I think Cain and Abel can help you if the router broadcasts protocol updates.

Also, you can do a traceroute to a public IP; after your default gateway, the next 1 or 2 hops are the WAN link interface IP or the network behind your default GW.

Hope this works.
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
<<

Diablo22

Newbie

Posts: 8

Joined: Thu Sep 20, 2007 10:46 am

Post Fri Oct 05, 2007 7:39 am

Re: How to discovery all ip on a network

Not all routers will allow you to scan their LAN!
<<

termight

Newbie

Posts: 26

Joined: Tue Aug 21, 2007 5:50 pm

Location: MARS

Post Fri Oct 05, 2007 8:04 am

Re: How to discovery all ip on a network

Diablo22 wrote: Not all routers will allow you to scan their LAN!


Yes, this is because routers separate broadcast domains, but whatever the case, there will by all means be a next hop. If that next hop IP is not the interface to the ISP, then you have something to start with.
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
<<

JeffCT

Newbie

Posts: 10

Joined: Mon Oct 15, 2007 8:01 pm

Post Mon Oct 15, 2007 8:21 pm

Re: How to discovery all ip on a network

Checking your own IP assigned via DHCP is a good start, and traceroutes. Or, you could just scan all non-routable IPs. They are:

172.16-31.0.0 (or 172.16.0.0/12)
192.168.0.0/16
10.0.0.0/8
CISSP, CEH
<<

KH3

Newbie

Posts: 7

Joined: Mon Sep 17, 2007 4:25 pm

Location: Europe

Post Thu Aug 28, 2008 6:15 am

Re: How to discovery all ip on a network

Good points and answers :O)

It's a while ago, but I ended up scanning all non-routable subnets anyway (was not the easy solution that I hoped for). But a clue to others: SNMP will give you a pretty good hint of the subnets connected to routers.
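
An added example, not part of any post in this thread: it compares the full non-routable (RFC 1918) space listed above with the subnets a routing table actually names, which is why the routing-table and SNMP hints shrink the scope of an authorized assessment so much. The route listing is a constructed sample in Linux `netstat -rn` column order, and the function names are hypothetical.

```python
import ipaddress

# The three non-routable ranges listed in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample routing table (netstat -rn style), not from the thread.
SAMPLE_ROUTES = """\
Destination     Gateway         Genmask         Flags Iface
0.0.0.0         192.168.9.1     0.0.0.0         UG    eth0
192.168.9.0     0.0.0.0         255.255.255.0   U     eth0
10.20.0.0       192.168.9.254   255.255.252.0   UG    eth0
10.20.4.0       192.168.9.254   255.255.252.0   UG    eth0
172.20.16.0     192.168.9.254   255.255.240.0   UG    eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     eth0
"""


def routed_private_networks(route_text):
    """Return the collapsed RFC 1918 networks named in a routing table."""
    found = []
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            # Column 0 is the destination, column 2 the dotted netmask.
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # header line or malformed entry
        if net.prefixlen == 0:
            continue  # the default route names no specific subnet
        if any(net.subnet_of(p) for p in RFC1918):
            found.append(net)
    # Merge adjacent entries (two /22 halves become one /21) and sort.
    return list(ipaddress.collapse_addresses(found))


def address_count(networks):
    """Total number of addresses covered by a list of networks."""
    return sum(n.num_addresses for n in networks)


if __name__ == "__main__":
    nets = routed_private_networks(SAMPLE_ROUTES)
    print("In scope from routing table:", [str(n) for n in nets])
    print("Addresses:", address_count(nets), "of", address_count(RFC1918))
```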
