Category: Pentesting

[PenTest] Network Mapping

===============================================================

DISCLAIMER

You should NEVER run any of the tools that are shown on my blog or on any of the IP addresses I’ve used for illustrative purposes without proper authorisation to do so.

================================================================

So you want to see what hosts are alive on a network that you have been asked to Pen Test. After you’ve done some reconnaissance, you have an IP range of 100.10.0.0/16 that is used by the network in question. A couple of tools will do the job for us here: fping and nmap. This blog post focuses on fping; a separate blog post will cover nmap.

fping is a ping sweep tool. Testing each of the IP addresses in the 100.10.0.0/16 range one at a time with traditional ping would take a very long time; fping probes many addresses without waiting for each one to reply or time out before moving on to the next.

fping is installed by default on Kali Linux. If you are running a different flavour of Linux that uses apt, you can install it with the apt-get command.

#sudo apt-get install fping

Using fping is straightforward. I will use my own local Wi-Fi address range, 192.168.88.0/24, to test which addresses are alive.

#fping -a -g 192.168.88.0/24

The -a option shows only the addresses that are alive.

The -g option tells the tool to generate its target list from the given range, so it carries out a ping sweep instead of a traditional ping test against a single address.

[Screenshot: fping output]

As you can see, there are many IP addresses in use from that range. This is very useful information, as we now know which IP addresses have been assigned to a device on the network. They might be servers or hosts; more on how to find that out in the next blog post, using the nmap tool.

Note: when using the fping tool on a LAN or WLAN you are connected to, you will get [ICMP Host Unreachable] messages for IP addresses that aren’t in use. If you do not want to see these in the output, you can redirect standard error to /dev/null using the following command.

#fping -a -g 192.168.88.0/24 2>/dev/null
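
An added example, not part of the original post: once the sweep output is saved to a file, a short script can compare the live addresses against a list of devices you expect on the network. The file names, the inventory format and every address below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All addresses are constructed.
IPV4='^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$'

# Sort addresses numerically per octet, so .23 lists before .101.
sort_ips() { sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n; }

# only_in_second A B: addresses that start a line in file B but not in file A.
# Lines whose first field is not an IPv4 address (comments, fping's
# "ICMP Host Unreachable ..." messages if stderr was captured) are ignored.
only_in_second() {
    awk -v ip="$IPV4" '
        FILENAME == ARGV[1] { if ($1 ~ ip) seen[$1] = 1; next }
        $1 ~ ip && !($1 in seen) { print $1 }' "$1" "$2" | sort_ips
}

# live_not_listed SWEEP INVENTORY: answered the sweep, missing from the inventory.
live_not_listed() { only_in_second "$2" "$1"; }

# listed_not_live SWEEP INVENTORY: in the inventory, silent during the sweep.
listed_not_live() { only_in_second "$1" "$2"; }

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for: fping -a -g 192.168.88.0/24 > sweep.txt 2>&1
    cat > "$dir/sweep.txt" <<'EOF'
ICMP Host Unreachable from 192.168.88.20 for ICMP Echo sent to 192.168.88.2
192.168.88.1
192.168.88.10
192.168.88.101
192.168.88.23
EOF
    # Constructed inventory: address, then a free-text label.
    cat > "$dir/inventory.txt" <<'EOF'
# address        device
192.168.88.1     router
192.168.88.10    nas
192.168.88.42    printer
EOF
    echo "Live but not in inventory:"; live_not_listed "$dir/sweep.txt" "$dir/inventory.txt"
    echo "In inventory but silent:";   listed_not_live "$dir/sweep.txt" "$dir/inventory.txt"
    rm -rf "$dir"
}
demo
```

An address in the "silent" list may simply be dropping ICMP echo requests, so treat it as something to check rather than proof the device is off.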

In my next blog post, I will show you a very, very powerful tool called nmap that does the same as fping and a lot, lot more.