Nmap
Some useful nmap scans
Using nmap to inventory a network
The following command with nmap with root privilegies (or using sudo):
sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> 192.168.0.1 28:C6:8E:F9:B8:BF ---> 192.168.0.2 28:C6:8E:29:9D:30 ---> 192.168.0.3 ...
(Good luck typing that in by hand...)
Want DNS?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> wap1.tinkernow.net ...
or both name & address?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> (192.168.0.1) zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> (192.168.0.2) switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> (192.168.0.3) wap1.tinkernow.net ...
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.
A rather more elaborate scan
I've built a script that does a thorough scan & catches things missed by the above scan(s).
But it's rather slow...
#!/bin/bash
sudo -v # Get the password demand for sudo over with before clearing the screen
clear
for j in {0..1} # My network is a /23 so I need to cycle through 2 octets
do
for i in {0..255}
do
if [[ $j == 0 && $i == 0 ]] # Don't bother pinging the broadcast address
then
echo Scanning 192.168.0.0/23
else
### Display Categories
if [ $j -eq 0 ]
then
case $i in
1) echo Infrastructure ;;
10) echo Servers ;;
50) echo Mobile ;;
60) echo Sand Boxes ;;
70) echo Desktops ;;
200) echo Udders ;;
*) ;;
esac
fi
if [ $j -eq 1 ]
then
case $i in
0) echo IoT - In Production ;;
100) echo IoT - In Development ;;
200) echo Roaming Devices ;;
*) ;;
esac
fi
### Check Device
if ping -c 1 192.168.$j.$i > /dev/null
then
currentIP=192.168.$j.$i
nmapREPORT=`sudo nmap -sP 192.168.$j.$i`
nmNAME=`echo $nmapREPORT | awk '{printf $15;}'`
nmIP=`echo $nmapREPORT | awk '{printf $16;}' | sed 's/[()]//g'`
nmMAC=`echo $nmapREPORT | awk '{printf $24;}'`
nmMAKER=`echo $nmapREPORT | awk '{printf $25;}'`
if [ ${#nmMAC} -ne "17" ]
then
IPaddress=$currentIP
MACaddress="__:__:__:__:__:__"
MAKER="(________)"
NAME=`host 192.168.$j.$i | awk '{printf $5;}'`
else
IPaddress=$nmIP
MACaddress=$nmMAC
if [ ${#nmMAKER} -lt "6" ]
then
MAKER="$nmMAKER "
else
MAKER=$nmMAKER
fi
NAME=$nmNAME
fi
echo -e "$IPaddress\t$MACaddress $MAKER\t$NAME"
fi
###
fi
done
done