#122766 - 2004-07-13 01:12 PM
Enumerate all machines on a subnet
|
nobby
Lurker
Registered: 2004-07-13
Posts: 1
|
Hello, my first ever post!!
We are being torn apart by spyware and all the lovelies that brings. I would have a script that runs at logon to check AV versions, and kazaa and so on, but am worried that some of this comes from peoples plugging other machines onto the network. Is there a way of finding all the active IP'a on a subnet so that then I can feed that array into some functions?
Many thanks
|
|
Top
|
|
|
|
|
#122768 - 2004-07-13 02:26 PM
Re: Enumerate all machines on a subnet
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
Two tools no network administrator should be without:
- NMAP (www.insecure.org)
Will perform network scans, and do a pretty good job of identifying the hardware. As seen in The Matrix 
It's a bit slower on Windows than Unix, but is still a superb tool. Will save you a lot of effort by identifying printers, routers, switches and so-on which you may not be interested in from a anti-virus perspective.
- Ethereal (www.ethereal.com)
My favorite network packet sniffer. Use this interactively to spot "noisy" devices which are suspicious, or use the text mode "tethereal" in a script to gather active IP addresses. You will need a promiscuous port in a switched environment and it will only monitor traffic which passes through the local network so you will miss peer-to-peer traffic which is entirely in the WAN locale
If you are going the ping route, use a "parallel pinger" to avoid the lengthy run time of single streaming pings - search the board for an example of on of these.
|
|
Top
|
|
|
|
|
#122770 - 2004-07-13 03:05 PM
Re: Enumerate all machines on a subnet
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
I go a parallel ping but I limit it to about 30 machines at a time and I send 2 pings...
Requires WSHPipe(), pping.exe, PortQry.exe (if port scanning is wanted)
Code:
$arrIPs = pping($arrIPs,30)
for each $ip in $arrIPs
Shell 'PortQry.exe -n '+$IP+' -e 135 -nr -q'
if not @error
$nbt= wshpipe('%comspec% /c nbtstat -A '+$ip+' |find "<20>"',1)
$name = trim(substr($nbt[0],5,15))
if $name > ' '
? $name
else
? "unable to resolve "+$ip
endif
else
? $ip+" is not running Windows or has firewall"
endif
next
Function PPing($Array,optional $Number)
Dim $pos, $t, $name, $return, $iter, $run, $ubound
$ubound=ubound($Array)
if not $number $number=$ubound endif
$t=''
While not $pos > $ubound
$run = ''
$iter = 0
Do
$run = $run +' '+ $Array[$pos]
$iter = $iter + 1
$pos = $pos + 1
until $iter > $Number or $pos > $ubound
$return = WshPipe('%comspec% /c pping /report:ok /times:2'+$run+ ' |find " is ok"',1)
if VarType($return) & 8192
for each $Line in $return
$name = trim(split($line)[0])
if $name > ' '
$t=$t+@crlf+$name
endif
next
endif
loop
$PPing=split(substr($t,3),@crlf)
EndFunction
I usually use MOAN() to populate the input array
|
|
Top
|
|
|
|
#122772 - 2004-07-13 04:41 PM
Re: Enumerate all machines on a subnet
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
If we were concerned with traffic, we'd block ebay
|
|
Top
|
|
|
|
|
#122773 - 2004-07-13 05:16 PM
Re: Enumerate all machines on a subnet
|
ADynes
Starting to like KiXtart
Registered: 2003-10-31
Posts: 184
Loc: Ohio
|
I got to the point where I silently installed Spybot 1.3 ( www.safer-networking.org ) on all our PC's through KiXtart a few weeks ago and then ran a scan the following week throguh the scripts again. Huge difference in neusiance calls...
Allan.
|
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 302 anonymous users online.
|
|
|
