Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Figure out live hosts on a network

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Posts
    10

    Figure out live hosts on a network

    I'm trying to figure out the best way to find all live hosts on a Class C network.

    1. What is the best way to figure out all the subnets that are being used?

    2. Assuming that ICMP is allowed, would using something like Hping be more efficient, or NMap?

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    114
    Try superscan this is my fave or if you have access to the server you should know what IP addys are allocated where
    [pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Why not try a simple ping freeware utility such as Grims Ping. I found this at Webattack, you can try searching that site for something that meets your requirements.

    Cheers:
    DjM

  4. #4
    Junior Member
    Join Date
    Feb 2004
    Posts
    10

    Thanks But....

    Cool tool, I'll check it out. Guess, I should explain myself a little better. I'm trying to create my own "auto" audit CD for teaching myself more. I kinda know what I wanna do, but still need to figure out how to do things.

    The first thing I wanted to do was to make a bootable cd (done)
    Second thing I wanted was to make the cd scan to see what live IP's are out there and put into a text file (currently working on).

    Command line tools are best, since it will need to be scriptable. Thats why I wanna figure out the best way to find all live subnets first. (kinda funny to have it scan the entire class C, if I only have 3 or 4 boxes on my test network).

    Hope this gives a little more insight into my thinking.

    thanks again
    rt

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Unless you have setup your switches to block it, you could probably get them by pinging the network or broadcast address...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    Finding out hosts, subnets, and IP Ranges? May I suggest the host command?

    I wrote a tutorial about it here: http://antionline.com/showthread.php?s=&threadid=251763

    I also bumped it up for you.

    Not sure if this is exactly what you're looking for, but I hope it'll help.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  7. #7
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    Galen-

    GREAT tutorial, very useful for footprinting.

    I'm looking for a more automated way to footprint (ie. find out if IP addresses are live, then scan each of the addresses).

    any other suggestions?

    thanks
    rt

  8. #8
    Junior Member
    Join Date
    Feb 2004
    Posts
    10

    Pinging broadcast address

    Nebulus-

    I had thought of that, something like pinging all the xxx.xxx.xxx.255 addresses. However, how would you do that. Lets say I pinged a 192.168.0.255 address. Would that broadcast it to the entire 192.168.0.xxx address and return the response to my IP address?

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356

    Re: Pinging broadcast address

    Originally posted here by randytester
    Nebulus-

    I had thought of that, something like pinging all the xxx.xxx.xxx.255 addresses. However, how would you do that. Lets say I pinged a 192.168.0.255 address. Would that broadcast it to the entire 192.168.0.xxx address and return the response to my IP address?
    Depends a little on your setup, but yes. .255 means every computer on the network (C level)...technically so does .0 ...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  10. #10
    Junior Member
    Join Date
    Feb 2004
    Posts
    10

    Hmmm

    Okay,

    I tested on my network:

    I pinged my 192.168.0.1 address, got a response
    I pinged my 192.168.0.2 address, got a response
    I pinged my 192.168.0.255 address, got the request timed out msg.

    This is all on the same hub, and both on the 255.255.255.0 subnet

    what am i missing?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •