Red October network discovery.

This article is based on a line of dialog from the movie "The Hunt for Red October". One of the key lines, as I recall, was "One ping and one ping only". Pinging is how a submarine equipped with sonar finds out what is around it; normally you would send more than one ping. In computing we also have a program called ping that does the same thing to find out what is around on the network. There is a very powerful program called nmap that automates this kind of discovery, but it usually takes some kind of administrative privilege to run. Instead we will use a simple Linux shell script (easily converted to other platforms) to see what is around us. This tool is perfect for a home network. It will probably not detect so-called "man in the middle" devices, but at least you can see the visible systems on your network.

The code.

ping.sh: (do not forget "chmod +x ping.sh")
[code]
#!/bin/bash
# Send one echo request to each address in 192.168.1.0/24, wait at most one
# second for a reply, and keep only the lines from hosts that answered.
# The loop is sequential, so a full sweep can take a few minutes.
for i in {1..254}
do
ping 192.168.1.$i -c1 -w1 -v | grep "icmp_seq=1"
done
[/code]

If your network uses a different address range, change "192.168.1" accordingly. Here again we use the good old "grep" command to pull the interesting lines out of ping's output; it is our sonar scope. Let's run it.

$ ./ping.sh
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.852 ms
64 bytes from 192.168.1.31: icmp_seq=1 ttl=64 time=0.260 ms
64 bytes from 192.168.1.99: icmp_seq=1 ttl=255 time=2.75 ms
64 bytes from 192.168.1.109: icmp_seq=1 ttl=64 time=0.261 ms
64 bytes from 192.168.1.115: icmp_seq=1 ttl=64 time=0.064 ms
$ _

Ok, there are five devices on the network. We need to know more. This is where DNS, the "Domain Name System", comes in: we can ask the router what names, if any, it knows those IP addresses by.

The code.

nslookup.sh: (Do not forget to make it executable with "chmod +x nslookup.sh")
[code]
#!/bin/bash
# Ask the local resolver (normally the router) for the reverse (PTR) record of
# every address in 192.168.1.0/24; only addresses that have a name print a line.
for i in {1..254}
do
nslookup 192.168.1.$i | grep name
done
[/code]

Let's run it.
$ ./nslookup.sh
1.1.168.192.in-addr.arpa name = my_network.
10.1.168.192.in-addr.arpa name = router2.
20.1.168.192.in-addr.arpa name = router3.
31.1.168.192.in-addr.arpa name = oesrvr1.
115.1.168.192.in-addr.arpa name = oesrvr104
$_

Notice that the IP addresses appear backwards (the in-addr.arpa form used for reverse lookups), but we can still identify units on the network from the list. Two devices show up as router2 and router3. I know that they are not connected to the network at this time; they just have reserved names in the router. The unit at 99 is actually the print server and should have a reserved name in the router; I can take care of that later. 109 is a temporary machine I have set up to test some software. Now, if there were any unknown numbers, they would need to be investigated immediately. Again, you would need to change "192.168.1." to match your network.
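As an added example (not part of the original post), here is a script that combines the two sweeps into that "investigate immediately" check: it parses the ping and nslookup output, reverses the in-addr.arpa names back into dotted addresses, and prints every responding host that is not on an allow list. The two outputs are embedded as constructed copies of the sample runs above and the allow list (KNOWN_HOSTS) is an assumption, so it runs without touching the network.

```shell
#!/bin/sh
# Added example, not from the original post: combine the two sweeps and flag
# responding hosts that are not on an allow list. The two outputs below are
# constructed copies of the sample runs above (in real use, substitute
# $(./ping.sh) and $(./nslookup.sh)), so this runs without touching the network.
SWEEP_OUTPUT='64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.852 ms
64 bytes from 192.168.1.31: icmp_seq=1 ttl=64 time=0.260 ms
64 bytes from 192.168.1.99: icmp_seq=1 ttl=255 time=2.75 ms
64 bytes from 192.168.1.109: icmp_seq=1 ttl=64 time=0.261 ms
64 bytes from 192.168.1.115: icmp_seq=1 ttl=64 time=0.064 ms'
LOOKUP_OUTPUT='1.1.168.192.in-addr.arpa name = my_network.
10.1.168.192.in-addr.arpa name = router2.
20.1.168.192.in-addr.arpa name = router3.
31.1.168.192.in-addr.arpa name = oesrvr1.
115.1.168.192.in-addr.arpa name = oesrvr104'
# Assumed allow list: the addresses you expect to answer on your network.
KNOWN_HOSTS='192.168.1.1 192.168.1.31 192.168.1.115'

# live_ips: pull the responding address out of each ping reply line.
live_ips() {
    printf '%s\n' "$1" | sed -n 's/^64 bytes from \([0-9.]*\):.*icmp_seq=1.*/\1/p'
}

# reverse_ptr: turn "115.1.168.192.in-addr.arpa name = oesrvr104" into
# "192.168.1.115 oesrvr104" (reverse the octets, drop the trailing dot).
reverse_ptr() {
    printf '%s\n' "$1" | awk '/in-addr\.arpa.*name = / {
        split($1, o, "."); name = $NF; sub(/\.$/, "", name)
        printf "%s.%s.%s.%s %s\n", o[4], o[3], o[2], o[1], name
    }'
}

# name_for: the PTR name recorded for one address, or "(no name)".
name_for() {
    reverse_ptr "$LOOKUP_OUTPUT" | awk -v ip="$1" '$1 == ip { print $2; f = 1 } END { if (!f) print "(no name)" }'
}

# unknown_hosts: every responding address missing from the allow list,
# printed as "address name" so it can be investigated.
unknown_hosts() {
    for ip in $(live_ips "$SWEEP_OUTPUT"); do
        case " $KNOWN_HOSTS " in
            *" $ip "*) ;;                                    # expected host
            *) printf '%s %s\n' "$ip" "$(name_for "$ip")" ;; # investigate
        esac
    done
}

unknown_hosts
```

With the sample data this reports 192.168.1.99 and 192.168.1.109, the two hosts that answered but have neither an allow-list entry nor a reserved name in the router.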

There you are, two simple tools to check on your network.
