Friday, July 25, 2008

nmap scanning

One of the most useful tools for IP networks is nmap, available as an open source command line program, with various "graphical" front ends for the different platforms. Here's how to do a quick network scan of your wireless router to see what machines are using your air space, and then what services are available on each box. I use two commands. Use sudo to ensure you get all the info:
sudo nmap -sP 192.168.X.*
then,
sudo nmap -sV 192.168.X.Y
You'll need to replace X and Y with the correct numbers for your router. To find out what IP address space you are in, run ifconfig (UNIX/Mac) or ipconfig for Windows at the command prompt.

Ping Scan

Here's the nmap command to ping all the devices attached to your router, including wireless connections (nmap doesn't care how the devices are attached to the router):
sudo nmap -sP 192.168.X.*
This checks all 256 addresses in the Class-C address space 192.168.X, where X is an integer from 0 to 255. Most retail routers use this type of address space; a high-end corporate or data center router might use a Class B address. 192.168 is a private, reserved Class B network that limits access to the addresses inside from external visitors by default. See Private Network (http://en.wikipedia.org/wiki/Private_network) for all the geeky details.

So, here's how to ping scan all the devices attached to your router:
neil@shubuntu:~$ sudo nmap -sP 192.168.3.*
[sudo] password for neil:
Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-25 14:54 EDT
Host 192.168.3.1 appears to be up.
MAC Address: 00:17:3F:45:09:30 (Belkin)
Host 192.168.3.3 appears to be up.
MAC Address: 00:1E:52:76:17:CC (Apple)
Host 192.168.3.5 appears to be up.
Host 192.168.3.7 appears to be up.
MAC Address: 00:E0:29:86:CE:02 (Standard Microsystems)
Host 192.168.3.8 appears to be up.
MAC Address: 00:0D:93:EA:68:2F (Apple Computer)
Host 192.168.3.9 appears to be up.
MAC Address: 00:19:1D:F6:63:C6 (Nintendo Co.)
Nmap done: 256 IP addresses (6 hosts up) scanned in 11.005 seconds

Version Scan

Now that you know what's out there, responding, you can check each address to see what services are running on each box. This is particularly useful for diagnosing problems, or identifying an intruder.
Let's take a closer look at the Macs on the network:
neil@shubuntu:~$ sudo nmap -sV 192.168.X.3
Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-25 13:53 EDT
Interesting ports on 192.168.X.3:
Not shown: 1710 closed ports
PORT     STATE SERVICE      VERSION
22/tcp   open  ssh          OpenSSH 4.7 (protocol 2.0)
88/tcp   open  kerberos-sec Mac OS X kerberos-sec
548/tcp  open  afp          Apple AFP (name: SilverSurfer; protocol 3.2; Max OS X 10.4/10.5)
5900/tcp open  vnc          Apple remote desktop vnc
MAC Address: 00:1E:52:76:17:CC (Apple)
Service Info: OS: Mac OS X

Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.634 seconds

neil@shubuntu:~$ sudo nmap -sV 192.168.X.8
Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-25 13:55 EDT
Interesting ports on 192.168.X.8:
Not shown: 1713 filtered ports
PORT    STATE SERVICE VERSION
548/tcp open  afp     Apple AFP (name: gforce; protocol 3.2; Max OS X 10.4/10.5)
MAC Address: 00:0D:93:EA:68:2F (Apple Computer)

Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.679 seconds
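As an added example (not from the original post), here is a small Python script that parses the Nmap 4.53 ping-scan output shown above and flags any host whose MAC address is not in a known-device inventory, which is the "identifying an intruder" use mentioned above. The KNOWN_MACS inventory is constructed for illustration; a host with no MAC line is normally the scanning machine itself, since nmap cannot ARP for its own address.

```python
import re
# Constructed sample input: the ping-scan output from the post (Nmap 4.53 format).
SAMPLE_PING_SCAN = """\
Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-25 14:54 EDT
Host 192.168.3.1 appears to be up.
MAC Address: 00:17:3F:45:09:30 (Belkin)
Host 192.168.3.3 appears to be up.
MAC Address: 00:1E:52:76:17:CC (Apple)
Host 192.168.3.5 appears to be up.
Host 192.168.3.7 appears to be up.
MAC Address: 00:E0:29:86:CE:02 (Standard Microsystems)
Host 192.168.3.8 appears to be up.
MAC Address: 00:0D:93:EA:68:2F (Apple Computer)
Host 192.168.3.9 appears to be up.
MAC Address: 00:19:1D:F6:63:C6 (Nintendo Co.)
Nmap done: 256 IP addresses (6 hosts up) scanned in 11.005 seconds
"""

# Constructed inventory (an assumption): MACs of the devices you expect on the LAN.
KNOWN_MACS = {
    "00:17:3F:45:09:30",  # Belkin router
    "00:1E:52:76:17:CC",  # Mac "SilverSurfer"
    "00:E0:29:86:CE:02",  # SMSC device (printer, NAS, etc.)
    "00:0D:93:EA:68:2F",  # Mac "gforce"
}
HOST_RE = re.compile(r"^Host (\S+) appears to be up\.")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)$")

def parse_ping_scan(text):
    """Return [(ip, mac, vendor), ...]. mac/vendor are None when nmap printed no
    MAC line, which happens for the scanning host itself (nmap can't ARP for it)."""
    hosts = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts.append([m.group(1), None, None])
            continue
        m = MAC_RE.match(line)
        if m and hosts and hosts[-1][1] is None:   # MAC belongs to the last Host line
            hosts[-1][1:] = [m.group(1).upper(), m.group(2)]
    return [tuple(h) for h in hosts]
def find_unknown_hosts(hosts, known_macs):
    """Hosts worth a closer look: MAC not in the inventory, or no MAC reported."""
    known = {mac.upper() for mac in known_macs}
    return [h for h in hosts if h[1] is None or h[1] not in known]
if __name__ == "__main__":
    for ip, mac, vendor in find_unknown_hosts(parse_ping_scan(SAMPLE_PING_SCAN), KNOWN_MACS):
        print(f"{ip}: {mac or 'no MAC (probably this machine)'} {vendor or ''}")
```

Any address the script reports is a candidate for the version scan (sudo nmap -sV) to see what it is running before deciding whether it belongs on your network.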
