Sunday, October 20, 2019

Scanning active IPv4 addresses is difficult? Simpler than you think

It is always a best practice to keep full track of all IP address assignments inside our local area network. From time to time, it might also be a good idea for security purposes to check whether we have any hidden nodes inside our network.

To discover every node with an active IP address inside our network, we might imagine that we first have to buy a powerful tool such as Cisco Prime Infrastructure before we can achieve anything. In fact, it is much easier than you might expect. Let me show you how.

All you must have is a Windows 10 PC. I think that should be easy.

Step 1: Start a PowerShell window with normal user privilege


Press “Windows Logo Key ❖ + R”, type “powershell” in the Run dialog that pops up, and press the Enter key to open a new PowerShell window.

Step 2: Type in or copy/paste this one-liner, and press Enter key to run


Here is a PowerShell one-liner I tested on my computer.

$ipv4prefix=$(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.)' } | out-null; $Matches[1]); 0..255 | %{"$ipv4prefix$_"}| % {"$($_): $(Test-Connection -count 1 -quiet -ComputerName $($_))"}

Just in case the variable “$ipv4prefix” is not parsed correctly, or you simply want to scan another network with a different IPv4 prefix, you can assign that string manually. For example, if your IP address range is “192.168.1.X”, assign the “$ipv4prefix” variable the value “192.168.1.”. Be careful: the string must end with a dot. The modified one-liner then looks like this:

$ipv4prefix="192.168.1."; 0..255 | %{"$ipv4prefix$_"}| % {"$($_): $(Test-Connection -count 1 -quiet -ComputerName $($_))"}

Step 3: Wait about 5 minutes for the scan to finish, then check the output in your PowerShell window.


The output should be something like this screen:

192.168.1.0: False
192.168.1.1: True
192.168.1.2: False
192.168.1.3: False
192.168.1.4: False
192.168.1.5: True


The lines with a “True” result are active IP addresses inside your network. The rest did not answer the ICMP echo request at all (note that a host whose firewall drops ping will also show up as “False”, even though it is on the network).

If you want to print only the active ones, you can append a filter to the end of the previous one-liners with “| Select-String True”. For example:

$ipv4prefix=$(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.)' } | out-null; $Matches[1]); 0..255 | %{"$ipv4prefix$_"}| % {"$($_): $(Test-Connection -count 1 -quiet -ComputerName $($_))"} | Select-String True


The output should be like this:

192.168.1.1: True
192.168.1.5: True
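The sweep above, as an added example that is not part of the original post: it derives the prefix from Get-NetIPAddress instead of parsing ipconfig text, pings each host with an explicit timeout through the .NET Ping class, and then cross-checks the ARP (neighbor) cache so a host that drops ICMP but still answered ARP is not mistaken for an empty address. It assumes Windows 10 with Windows PowerShell 5.1 or later and the NetTCPIP module; the function names are my own.

```powershell
# Added example, not the post's one-liner. Assumes Windows 10 / PowerShell 5.1+.

function Get-LocalIPv4Prefix {
    # First non-loopback, non-APIPA IPv4 address on a /24, returned as "a.b.c." (trailing dot)
    $addr = Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.PrefixLength -eq 24 -and $_.IPAddress -notmatch '^(127\.|169\.254\.)' } |
        Select-Object -First 1
    if (-not $addr) { throw "No /24 IPv4 address found; set the prefix manually." }
    return ($addr.IPAddress -replace '\d{1,3}$', '')
}

function Invoke-PingSweep {
    param(
        [Parameter(Mandatory)][string]$Prefix,   # e.g. "192.168.1." (trailing dot required)
        [int]$TimeoutMs = 500                     # per-host wait, so a /24 finishes in seconds
    )
    $pinger = New-Object System.Net.NetworkInformation.Ping
    foreach ($i in 1..254) {                      # .0 and .255 are network/broadcast on a /24
        $ip = "$Prefix$i"
        $alive = $false
        try { $alive = ($pinger.Send($ip, $TimeoutMs).Status -eq 'Success') } catch { }
        [pscustomobject]@{ IPAddress = $ip; IcmpReply = $alive }
    }
}

function Add-NeighborInfo {
    # Join the sweep with the ARP cache: an address with a MAC but no ICMP reply
    # is still on the wire, typically a host whose firewall drops echo requests.
    param([Parameter(ValueFromPipeline)]$Result)
    begin {
        $arp = @{}
        Get-NetNeighbor -AddressFamily IPv4 -State Reachable,Stale,Delay,Probe |
            ForEach-Object { $arp[$_.IPAddress] = $_.LinkLayerAddress }
    }
    process {
        $mac = $arp[$Result.IPAddress]
        $Result |
            Add-Member -NotePropertyName MAC -NotePropertyValue $mac -PassThru |
            Add-Member -NotePropertyName OnWire -NotePropertyValue ($Result.IcmpReply -or [bool]$mac) -PassThru
    }
}

# Usage: run the sweep first (it also populates the ARP cache), then annotate and filter.
$prefix = Get-LocalIPv4Prefix            # or set it by hand: $prefix = "192.168.1."
Invoke-PingSweep -Prefix $prefix | Add-NeighborInfo | Where-Object OnWire | Format-Table -AutoSize
```

Any row with OnWire set to True but IcmpReply set to False is a host that the post's ping-only sweep would have reported as not responding.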



One more thing…


In this post I showed you how easily you can explore your network with nothing more than your Windows 10 PC. You can imagine that with a Linux desktop we can do even more powerful discovery than this. Here is a one-liner for bash together with the standard tool “awk”:

ipv4prefix="192.168.1."; for i in $(seq 1 255); do ping -c 1 ${ipv4prefix}$i | tr \\n ' ' | awk '/1 received/ {print $2}'; done

Now you have no excuse to say, “I cannot do any network exploration until I have Cisco Prime Infrastructure.” You can start network discovery right now, after reading this post.

And now you know how easily malicious hackers can find your public IP addresses and create trouble for you if your public-facing network devices are vulnerable, just like in this incident:

Show IP Protocols: Bank lost 1 million US Dollars because of outdated routers

I am Li-Ji Hong. This is my blog “Show IP Protocols”. See you next time!
More videos on Show IP Protocols YouTube Channel.

