To discover every node with an active IP address inside our network, we might imagine that we must first acquire powerful tools such as Cisco Prime Infrastructure before we can achieve anything. In fact, it may be much easier than you expected. Let me show you how.
All you need is a Windows 10 PC. I think that should be easy.
Step 1: Start a PowerShell window with normal user privileges
Press Windows Logo Key ❖ + R, type “powershell” in the Run dialog, and press Enter to open a new PowerShell window.
Step 2: Type in or copy/paste this one-liner, and press Enter to run it
Here is a PowerShell one-liner I tested on my computer.
$ipv4prefix=$(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.)' } | out-null; $Matches[1]); 0..255 | %{"$ipv4prefix$_"}| % {"$($_): $(Test-Connection -count 1 -quiet -ComputerName $($_))"}
In case the “$ipv4prefix” variable is not detected correctly, or you simply want to scan a network with a different IPv4 prefix, you can assign that string manually. For example, if your address range is “192.168.1.X”, set the “$ipv4prefix” variable to “192.168.1.”. Be careful: the string must end with a dot. The modified one-liner then looks like this:
$ipv4prefix="192.168.1."; 0..255 | %{"$ipv4prefix$_"}| % {"$($_): $(Test-Connection -count 1 -quiet -ComputerName $($_))"}
Step 3: Wait about 5 minutes for the scan to finish, then capture the output in your PowerShell window.
The output should look something like this:
192.168.1.0: False
192.168.1.1: True
192.168.1.2: False
192.168.1.3: False
192.168.1.4: False
192.168.1.5: True
…
The lines with a “True” result are the active IP addresses in your network. The remaining addresses did not respond to the ping at all.
If you want to print only the active ones, append the filter “| Select-String True” to the end of the previous one-liners. For example:
$ipv4prefix=$(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.)' } | out-null; $Matches[1]); 0..255 | %{"$ipv4prefix$_"}| % {"$($_): $(Test-Connection -count 1 -quiet -ComputerName $($_))"} | Select-String True
The output should look like this:
192.168.1.1: True
192.168.1.5: True
…
[Photo] Playground inside Central Culture Park (中央藝文公園、華山大草原), Taipei City, Taiwan
One more thing…
In this post I showed you how easily you can explore your network with nothing but a Windows 10 PC. You can imagine that with a Linux desktop we can do even more powerful discovery than this. Here is a one-liner for Bash together with the standard tool “awk”:
ipv4prefix="192.168.1."; for i in $(seq 1 255); do ping -c 1 "${ipv4prefix}$i" | tr '\n' ' ' | awk '/1 received/ {print $2}'; done
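The following script is an added example, not code from the original post. It reproduces the whole procedure above (steps 1 to 3, the “| Select-String True” filter and the Bash one-liner) as a small set of shell functions: it derives the local /24 prefix automatically, sweeps .1 to .254 with a one-second reply timeout and up to 32 pings in flight (so a full /24 takes seconds rather than minutes), prints the same “address: True/False” lines as the PowerShell version, and keeps only the responders. It assumes a Linux host with iproute2 (the `ip` command) and an iputils `ping` where `-W` is the reply timeout in seconds; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): a bash/sh ping sweep that mirrors
# the PowerShell one-liner (auto-detect the /24 prefix, sweep the subnet, print
# "address: True/False", keep only responders) with a per-host timeout and
# parallel probes. Assumes Linux iproute2 and iputils ping.

# Reduce an IPv4 address to its first three octets plus the trailing dot,
# e.g. "192.168.1.37" -> "192.168.1." (the $ipv4prefix convention of the post).
ipv4_prefix() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.\n", $1, $2, $3 }'
}

# Pull the "src" address out of `ip -4 route get` output read from stdin, e.g.
# "1.1.1.1 via 192.168.1.1 dev eth0 src 192.168.1.37 uid 1000" -> "192.168.1.37".
parse_route_src() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Prefix of the interface that carries the default route (assumes iproute2).
local_ipv4_prefix() {
    ipv4_prefix "$(ip -4 route get 1.1.1.1 2>/dev/null | parse_route_src)"
}

# Probe one host: one echo request, one-second reply timeout (-W), printed in
# the same "address: True/False" format as the PowerShell output above.
probe_host() {
    if ping -c 1 -W 1 "$1" >/dev/null 2>&1; then
        printf '%s: True\n' "$1"
    else
        printf '%s: False\n' "$1"
    fi
}

# Sweep prefix.1 .. prefix.254 (skipping the network and broadcast addresses
# that the original 0..255 range includes), at most 32 pings in flight at once.
sweep_subnet() {
    prefix=$1
    for i in $(seq 1 254); do
        probe_host "${prefix}${i}" &
        if [ $((i % 32)) -eq 0 ]; then wait; fi
    done
    wait
}

# Keep only the responders and drop the ": True" suffix (the Select-String step).
active_only() {
    awk -F': ' '$2 == "True" { print $1 }'
}

# Run as a script:  ./sweep.sh --scan [prefix]   (prefix defaults to the local /24)
if [ "${1-}" = "--scan" ]; then
    sweep_subnet "${2:-$(local_ipv4_prefix)}" | sort -t. -k4,4n | active_only
fi
```

Hosts that silently drop ICMP echo requests (a common host-firewall default) show up as “False” here exactly as in the PowerShell version, so an empty result for an address means “did not answer a ping”, not “nothing is there”.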
Now you have no excuse to say “I cannot do any network exploration until I have Cisco Prime Infrastructure.” You can start network discovery right now, after reading this post.
And now you know how easily malicious hackers can find your public IP addresses and create trouble for you if your public-facing network devices are vulnerable, just like in this incident:
Show IP Protocols: Bank lost 1 million US Dollars because of outdated routers
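The same sweep leaves an obvious trace on the receiving side: one source sending echo requests to many neighbouring addresses in a short time. The following added example (my own code, not from the post) reads netfilter-style LOG lines of the form “SRC=… DST=… PROTO=ICMP TYPE=8” from stdin and reports every source that probed at least MIN distinct destinations. It assumes that format (as produced by an iptables or nftables `log` rule); the sample log lines are constructed for the demonstration, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): detect a ping sweep in firewall
# logs. Each netfilter LOG line carries "KEY=VALUE" fields; an ICMP echo request
# is PROTO=ICMP with TYPE=8. We count, per source, how many distinct
# destinations it sent echo requests to, and report sources at or above MIN.
# Usage: sweep_sources [MIN] < /var/log/kern.log    (MIN defaults to 5)
sweep_sources() {
    awk -v min="${1:-5}" '
        {
            src = dst = proto = type = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if      (kv[1] == "SRC")   src   = kv[2]
                else if (kv[1] == "DST")   dst   = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "TYPE")  type  = kv[2]
            }
            # count each (source, destination) pair once, however many echoes
            if (proto == "ICMP" && type == "8" && src != "" && dst != "" \
                && !seen[src, dst]++)
                targets[src]++
        }
        END { for (s in targets) if (targets[s] >= min) print s, targets[s] }
    ' | sort
}

# Constructed sample log (not real traffic): 10.0.0.5 probes six hosts in a row
# (one of them twice), 10.0.0.9 pings a single host and opens one TCP connection,
# and one echo reply (TYPE=0) must be ignored.
sample_log() {
    cat <<'EOF'
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=192.168.1.1 DST=10.0.0.5 LEN=84 PROTO=ICMP TYPE=0 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=2
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.2 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.3 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.4 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.6 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=41 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.2 LEN=60 PROTO=TCP SPT=51000 DPT=443 SYN
EOF
}

# Run as a script:  ./sweep_detect.sh --demo
if [ "${1-}" = "--demo" ]; then
    sample_log | sweep_sources 5      # prints "10.0.0.5 6"
fi
```

Pick MIN to suit the segment: on a quiet /24 a single source touching five or more distinct hosts within one log window is rarely legitimate, while monitoring systems that poll every host should be allow-listed before the rule is turned into an alert.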
I am Li-Ji Hong. This is my blog “Show IP Protocols”. See you next time!