March 2nd, 2013 06:54 PM
network scanning..the right way...
What I can't seem to figure out is, well... Say I'm at home and I fire up Wireshark and start monitoring on wlan0; what I see is it only monitoring what I'm doing on this computer, none of the others. Can this be changed without rerouting the traffic in iptables? Second, say I'm using nmap and want to do a scan of my network and I know that my internal IP is 192.168.1.123, so I assume scan 192.168.0.0/24? Third, say I'm at my brother's and I get an internal IP of 172.16.254.202; do I assume scan 172.16.0.0/24? Fourth, say I'm at my house and my brother is having some network issues and I need to troubleshoot from my LAN to his; would I then scan his router's IP address? I just can't seem to figure out how this works: in Wi-Fi I get a dynamic IP for lease that would have their network prefix and subnet number in it, and I'd get a host number at the end. STOP! How could this possibly work? With a max of 6 digits in there (network prefix, subnet #), how could that work globally? It doesn't add up to me, even if just the routers are actually communicating with the wire. All that aside, I think it's a fair question; please shine some light on this subject for me (yes, I do know about IPv6), but I just can't get a grasp on this current situation.
Advice would be greatly appreciated.
May 13th, 2013 08:28 PM
You're lacking a bit of understanding of how NAT functions in some of your questions which is causing you some confusion I think. I'll try and go through one question at a time and forgive me if I miss anything.
1) Remember that switches direct traffic from your computer right to the router and back again, unlike hubs where you would see all the traffic on the network. Essentially with a network switch you're seeing ONLY the traffic flowing back and forth between your computer and the devices you're sending/receiving from. Switches are smart that way, they'll direct traffic right to you.
2) NAT works by utilizing two different networks - one the larger Internet WAN and a local network (your 192 or 172 network) with a router that directs traffic between them. If you were to use nmap with a /24 you would be only scanning everything from 0-255 in the last digit of the IP address. So, for example, if your IP is 192.168.1.123 and you type nmap 192.168.0.0/24 you're doing a scan of computers between 192.168.0.0 and 192.168.0.255 - which would be why you would get no results. Try nmap 192.168.1.0/24 and you should see a result from your own PC.
3) As I said with NAT essentially you have two IP addresses - one on your own local network (the 192) and one given to your router that operates globally on the internet. Go to Google and check out whatsmyip.org to see what I'm talking about.
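The /24 confusion in the question and the reply above comes down to which bits of the host's own address are the network part. The following is an added example (not code from either poster) that uses Python's standard `ipaddress` module to derive the block a host actually sits in, to check whether a guessed block contains it, and to confirm that both addresses are RFC 1918 private space behind NAT. It also shows that the /24 guess is only right when the DHCP lease's subnet mask really is 255.255.255.0; the mask-based case uses a constructed mask, not anything from the thread.

```python
import ipaddress

# Addresses quoted in the thread; the /24 prefix is the poster's guess.
HOME_IP = "192.168.1.123"
BROTHER_IP = "172.16.254.202"


def local_block(host_ip: str, mask_or_prefix="24") -> str:
    """Return the CIDR block that host_ip belongs to.

    mask_or_prefix may be a prefix length ("24") or a dotted
    netmask ("255.255.255.0"), which is what a DHCP lease hands out.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{mask_or_prefix}")
    return str(iface.network)


def block_contains(host_ip: str, cidr: str) -> bool:
    """True if scanning `cidr` would include host_ip at all."""
    return ipaddress.ip_address(host_ip) in ipaddress.ip_network(cidr, strict=False)


def is_private(host_ip: str) -> bool:
    """True for RFC 1918 space, i.e. an address that only exists behind NAT."""
    return ipaddress.ip_address(host_ip).is_private


def usable_hosts(cidr: str) -> int:
    """Host addresses in the block, excluding network and broadcast."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses - 2


def check_guess(host_ip: str, guessed_cidr: str, mask_or_prefix="24") -> dict:
    """Compare a guessed scan range with the block derived from the host."""
    correct = local_block(host_ip, mask_or_prefix)
    return {
        "host": host_ip,
        "guess": guessed_cidr,
        "guess_contains_host": block_contains(host_ip, guessed_cidr),
        "derived_block": correct,
        "usable_hosts": usable_hosts(correct),
        "private": is_private(host_ip),
    }


if __name__ == "__main__":
    # The two guesses from the question: neither contains the host itself.
    print(check_guess(HOME_IP, "192.168.0.0/24"))
    print(check_guess(BROTHER_IP, "172.16.0.0/24"))
    # Constructed example: a /16 mask from the lease changes the answer.
    print(check_guess(BROTHER_IP, "172.16.0.0/24", "255.255.0.0"))
```

Running it shows that 192.168.0.0/24 does not contain 192.168.1.123 (the derived block is 192.168.1.0/24), and that 172.16.0.0/24 does not contain 172.16.254.202 unless the lease mask is wider than /24; read the mask from the DHCP lease rather than assuming it.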
May 17th, 2013 10:37 PM
It is possible to use ARP spoofing/poisoning to capture traffic on a switched network. Look up 'man in the middle' attacks. It is a pretty interesting concept. There are some free utilities that you can play around with as well. Ettercap on Linux and Cain & Abel on Windows are two that come to mind.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
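The poisoning the reply mentions leaves a visible trace on the victim: the gateway's IP suddenly maps to a different MAC, and that MAC usually also claims another IP on the LAN. The following added example (not the poster's code) parses `arp -a` style output and flags both symptoms. The ARP lines and the "known good" gateway MAC are constructed for the demonstration; in practice the baseline MAC comes from a capture taken when the network was known clean.

```python
import re
from collections import defaultdict

# Matches the "(ip) at mac" part shared by Linux and BSD/macOS `arp -a` output.
ARP_ENTRY = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed baseline: the gateway's MAC recorded while the LAN was clean.
KNOWN_GATEWAY_IP = "192.168.1.1"
KNOWN_GATEWAY_MAC = "aa:bb:cc:dd:ee:01"

# Constructed `arp -a` output after poisoning: the gateway's IP now resolves
# to the same MAC as 192.168.1.50, which is what a poisoned cache looks like.
SAMPLE_ARP_OUTPUT = """\
gateway (192.168.1.1) at 02:42:ac:11:00:50 [ether] on wlan0
? (192.168.1.50) at 02:42:ac:11:00:50 [ether] on wlan0
printer (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on wlan0
? (192.168.1.77) at <incomplete> on wlan0
"""


def parse_arp(text: str) -> dict:
    """Return {ip: mac} for every resolved entry; incomplete ones are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ENTRY.search(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def shared_macs(table: dict) -> dict:
    """MACs that answer for more than one IP, with the IPs they claim."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_mac_changed(table: dict, gateway_ip: str, known_mac: str) -> bool:
    """True if the gateway now resolves to a MAC other than the baseline."""
    current = table.get(gateway_ip)
    return current is not None and current != known_mac.lower()


def assess(text: str, gateway_ip: str, known_mac: str) -> dict:
    """Combine both checks into one verdict for a given ARP snapshot."""
    table = parse_arp(text)
    return {
        "entries": len(table),
        "gateway_changed": gateway_mac_changed(table, gateway_ip, known_mac),
        "shared": shared_macs(table),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_ARP_OUTPUT, KNOWN_GATEWAY_IP, KNOWN_GATEWAY_MAC))
```

One MAC legitimately serving several IPs does happen (a router with multiple addresses, or a redundancy protocol), so treat a shared MAC alone as a prompt to look, and the gateway MAC changing away from a known baseline as the stronger signal.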