How To’s: Scanning & Identifying Network Nodes

TheBigBadWolf
Aug 4, 2022

Hello fellow Wolves! I want to introduce a new segment to my Cyber-Blog~! And it is called How To’s. “How To’s:” Will be a lovely segment of the blog where I actually just note down how to execute a project and I just give you the steps one by one. I will start off with a few beginner friendly projects and then I want to progress to harder & expert-level projects so everyone could enjoy or just want to learn in general! I hope you guys love it, I do not do any of this for nothing but out of love for Cybersecurity so come join me! And show some love, that is all I want to ask of you! Please & thank you, and Enjoy Wolves ~ 🐺🚨

First things first: what is scanning, and is it important?

Scanning is the process of sending out packets that contain information about your system. These packets are sent to different IP addresses in order to find out which ones are valid and which ones are not. This process can be accomplished using two different methods: active scanning and passive scanning.

Active scanning involves sending out packets that contain data that is designed to elicit a response from the target machine. This type of scanning is useful for identifying open ports on a target machine, as well as determining the operating system being used.

Passive scanning does not involve sending any packets at all, but instead relies on analyzing the responses that come back from other machines on the network. In passive scanning, there will be some form of communication between two or more systems before an attack takes place.

OK, understood. But how and why... network nodes? What are they?

A network node is a device that connects to a computer network. A node can be a host (a computer or other device with an IP address), or any other system that has an IP address and can communicate with other nodes on the network.

There are two main types of network nodes: end systems and intermediate systems. An end system is any device that directly communicates with other end systems, such as a personal computer or mobile phone. An intermediate system is any device that does not communicate directly with other end systems but instead relays information between them, such as a router or switch.

In a network it is important to know who your nodes are. If you don’t know what devices are attached to your network, you won’t be able to keep them up-to-date or secure them properly.

Project Time: Identify Local Network Configuration

Determine the configuration of the local host and its subnet, using tools such as ifconfig, ip, arp, netdiscover, and pathping.

1. Log in to your Kali VM (I like Parrot a little better) and open up the terminal.

2. Run the ifconfig command to display the interface configuration. Note the IP address assigned to the eth0 interface.

3. Run the ip a command to display the same information using the newer ip tool.

4. Run the ip route show command to identify the default gateway. Because the network uses DHCP to provide client addresses, the local machine has been configured with a default gateway address automatically. Look for the line that starts with: default via ….

5. Run the arp -a command to check the ARP cache to display other hosts local to this subnet. (format 1.2.3.4)

6. Run the ip neighbor command to display similar information using the newer ip tool. The ARP cache shows only machines that have communicated with the local host. To verify whether any other hosts are present, you can perform a “sweep” of the local network. One means of doing this is to use ping in a for/next loop. You can also use the netdiscover tool bundled with Kali.

7. Run the following command to scan the network by using netdiscover: netdiscover -i eth0 -r 10.1.2.3/12 (IP format example)

8. The netdiscover scan may take up to two minutes to complete after it reports as Finished.

9. How many hosts were found by netdiscover? (Ask yourself.)

10. Press q to exit the Netdiscover report and return to the command prompt.

Run netdiscover -h to view the help page. The tool can operate in a passive mode, but you do not need to be stealthy, so you will run an active scan.

11. Switch to another VM (DC1 in my case) and start the command prompt (admin).

12. Run the ipconfig command.

13. Ask yourself, what is the IP address for this VM? (format should be something like 1.2.3.4)

14. Run this command to test the reliability (packet loss) and latency (delay) of the connection between the “new VM” and the first Kali VM.

Run: pathping 1.2.3.4 (example IP; the test takes 30–45 seconds to run)

15. Ask yourself: what percentage of packets were lost during this test? (Reply with values such as 0%, 50%, 100%, etc.)

16. The two machines are not very far apart on the network — on the same subnet in fact. If you run pathping against network nodes that have several routers between them, the utility displays lost packets along the route, which helps to clarify where network communications might be unreliable. For example, from a Windows computer with Internet access, you could run pathping 8.8.8.8 to trace the route to the servers running Google’s DNS service.
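Steps 5 and 6 and the earlier point about knowing your nodes, combined into one script as an added example that is not part of the original post: it parses ip neigh output and lists hosts whose MAC address is not in a known-device list, with the ping loop from step 6 included to fill the cache first. The IP addresses, MAC addresses, and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag devices in the ARP/neighbor cache that are not in your inventory.
# All IPs and MACs below are constructed sample values.

# Constructed sample of `ip neigh` output (FAILED entries have no MAC).
SAMPLE_NEIGH='10.1.0.1 dev eth0 lladdr 00:15:5d:01:ca:01 REACHABLE
10.1.0.10 dev eth0 lladdr 00:15:5d:01:ca:0a STALE
10.1.0.77 dev eth0 FAILED
10.1.0.200 dev eth0 lladdr 08:00:27:AB:CD:EF DELAY'

# Constructed inventory: one known MAC address per line.
KNOWN_MACS='00:15:5d:01:ca:01
00:15:5d:01:ca:0a'

# Ping every address in a /24 so responding hosts land in the neighbor cache.
# $1 = first three octets of your own subnet, e.g. 10.1.0
sweep() {
  for i in $(seq 1 254); do
    ping -c 1 -W 1 "$1.$i" >/dev/null 2>&1 &
  done
  wait
}

# stdin: `ip neigh` output. stdout: "IP MAC" for every entry that resolved to a MAC.
neigh_hosts() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "lladdr") print $1, tolower($(i + 1)) }'
}

# $1 = known MACs (one per line). stdin: `ip neigh` output.
# stdout: "IP MAC" for every host whose MAC is not in the inventory.
unknown_hosts() {
  neigh_hosts | while read -r ip mac; do
    printf '%s\n' "$1" | grep -qixF -- "$mac" || echo "$ip $mac"
  done
}

# Demo on the sample data. On a live host:
#   sweep 10.1.0; ip neigh | unknown_hosts "$KNOWN_MACS"
printf '%s\n' "$SAMPLE_NEIGH" | unknown_hosts "$KNOWN_MACS"
```

Any line the script prints is a device on the subnet that still needs to be identified and added to the inventory or removed from the network.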

~ FIN ~

Conclusion

In conclusion, this is a very beginner project and I think you must be absolutely great with the fundamentals. That being said, I would love any feedback! I absolutely love the Cybersecurity communities and I would love to expand so please show some love and let’s get involved! I hope you love this segment, BigBadWolf Outtie!

Wolves unite.

Yours Truly,

~TheBigBadWolfNews
