
First step in hacking - know your neighboring machines

The simplest thing I can do is use ping: I can send a broadcast packet to everyone in the subnet so that they all respond. Let's say I am in the subnet 192.168.0.x and the broadcast IP is 192.168.0.255; I can do this:

ping -b 192.168.0.255

How do I know the broadcast IP is 192.168.0.255? I can check with ifconfig.

ifconfig eth0 | grep Bcast

Some routers are configured to filter broadcast and multicast packets to prevent broadcast storms; if so, broadcast is useless.
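As an added example that is not part of the original post: where the Bcast value that ifconfig prints comes from. The broadcast address is the interface address with every host bit set, i.e. the address OR'ed with the inverted netmask. The interface values below are constructed, standing in for the inet addr and Mask fields of ifconfig eth0, and the result is cross-checked against Python's ipaddress module, so the same check works for subnets that are not a /24.

```python
import ipaddress


def dotted_to_int(quad: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in quad.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {quad}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def broadcast_for(address: str, netmask: str) -> str:
    """Directed broadcast address = address OR the inverted netmask.

    This is the value ifconfig shows as Bcast; computing it ourselves shows
    where it comes from and works for any mask length, not only /24.
    """
    addr, mask = dotted_to_int(address), dotted_to_int(netmask)
    host_bits = ~mask & 0xFFFFFFFF          # the bits the mask does not cover
    return int_to_dotted(addr | host_bits)


def sweep_targets(address: str, netmask: str) -> list:
    """Usable host addresses in the subnet (network and broadcast excluded),
    i.e. the addresses a one-by-one ping loop would have to visit."""
    net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)
    return [str(h) for h in net.hosts()]


def check_against_stdlib(address: str, netmask: str) -> bool:
    """Cross-check the bitwise result with the standard library's answer."""
    net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)
    return str(net.broadcast_address) == broadcast_for(address, netmask)


if __name__ == "__main__":
    # Constructed interface values standing in for the inet addr / Mask
    # fields of `ifconfig eth0`; not taken from any real host.
    addr, mask = "192.168.0.5", "255.255.255.0"
    print("Bcast:", broadcast_for(addr, mask), "(stdlib agrees:", check_against_stdlib(addr, mask), ")")
    targets = sweep_targets(addr, mask)
    print(f"{len(targets)} addresses to sweep, {targets[0]} .. {targets[-1]}")
```

Even on a network that forwards broadcasts, not every machine answers a broadcast ping: Linux hosts drop broadcast echo requests by default (net.ipv4.icmp_echo_ignore_broadcasts = 1), which is the usual host-side mitigation against being used as an amplifier, so silence after ping -b does not mean the subnet is empty.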

So what are the alternatives?

I can ping the IPs one by one with a one-line bash script.

for ((i=1;i<255;i++)); do ping -c 1 -W 1 192.168.0.$i | grep -E '64 bytes|statistics'; done
# -c 1: one echo request per address; -W 1: give up after one second.
# The grep keeps only the reply and summary lines shown below.

The result will look like this:

--- 192.168.0.1 ping statistics ---
--- 192.168.0.2 ping statistics ---
--- 192.168.0.3 ping statistics ---
--- 192.168.0.4 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
--- 192.168.0.7 ping statistics ---
--- 192.168.0.8 ping statistics ---
--- 192.168.0.9 ping statistics ---
--- 192.168.0.10 ping statistics ---
--- 192.168.0.11 ping statistics ---

Let me explain the ping options I use: -c (count) indicates how many ping attempts are made for a single IP, and -W specifies the timeout in seconds; ping waits until the timeout expires before declaring the attempt failed.

From the sample results, I discovered 192.168.0.5 and 192.168.0.6.

Due to a limitation of ping, I can't specify a timeout of less than 1 second, so scanning a class C LAN may take up to 255 seconds, which is extremely slow.
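Reading the live hosts out of the sample results above by eye works for eleven addresses but not for a whole subnet, so here is an added example (not from the original post) that parses the loop's output. The sample text is the post's own output, embedded as a constructed string; the two regular expressions match the reply lines, which ping prints only for hosts that answered, and the statistics lines, which it prints for every address tried.

```python
import re

# Constructed sample: the output of the one-by-one ping loop for
# 192.168.0.1 .. 192.168.0.11, copied from the post.
SAMPLE_OUTPUT = """\
--- 192.168.0.1 ping statistics ---
--- 192.168.0.2 ping statistics ---
--- 192.168.0.3 ping statistics ---
--- 192.168.0.4 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
--- 192.168.0.7 ping statistics ---
--- 192.168.0.8 ping statistics ---
--- 192.168.0.9 ping statistics ---
--- 192.168.0.10 ping statistics ---
--- 192.168.0.11 ping statistics ---
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# A reply line is printed only for hosts that answered.
REPLY_RE = re.compile(
    rf"^\d+ bytes from (?P<ip>{IPV4}): "
    r"icmp_seq=(?P<seq>\d+) ttl=(?P<ttl>\d+) time=(?P<ms>[\d.]+) ms$"
)
# A statistics line is printed for every address, answering or not.
SUMMARY_RE = re.compile(rf"^--- (?P<ip>{IPV4}) ping statistics ---$")


def live_hosts(output: str) -> dict:
    """Map each address that replied to its TTL and round-trip time (ms).
    Insertion order is the order in which the sweep visited them."""
    found = {}
    for line in output.splitlines():
        m = REPLY_RE.match(line.strip())
        if m and m["ip"] not in found:
            found[m["ip"]] = {"ttl": int(m["ttl"]), "time_ms": float(m["ms"])}
    return found


def probed_hosts(output: str) -> list:
    """Every address the loop actually tried, taken from the statistics lines."""
    matches = (SUMMARY_RE.match(line.strip()) for line in output.splitlines())
    return [m["ip"] for m in matches if m]


def silent_hosts(output: str) -> list:
    """Addresses that were probed but never replied."""
    replied = live_hosts(output)
    return [ip for ip in probed_hosts(output) if ip not in replied]


if __name__ == "__main__":
    for ip, info in live_hosts(SAMPLE_OUTPUT).items():
        print(f"{ip}  ttl={info['ttl']}  rtt={info['time_ms']} ms")
    print(len(silent_hosts(SAMPLE_OUTPUT)), "addresses did not answer")
```

A silent address is not proof that nothing is there: a host firewall that drops ICMP echo requests produces exactly the same output as an unused address, which is why the list of silent hosts is kept separately rather than discarded.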


