Enumeration net
host detection
nmap
nmap - OS version
netdiscover
arp-scan
Ping Sweep
Ping Sweep (on linux)
Ping Sweep (on windows/cmd)
for /L %i in (1 1 254) do @ping -n 1 -w 100 172.16.5.%i | find "Reply"
for /L %i in (1 1 255) do @ping -n 1 -w 200 172.16.6.%i > nul && echo 172.16.6.%i is up.
#for /L %i in (1,1,255) do @ping -n 1 -w 200 172.16.5.%i > nul && echo 172.16.5.%i is up.
1..254 | % {"172.16.5.$($_): $(Test-Connection -count 1 -comp 172.16.5.$($_) -quiet)"}
1..254 | % {"172.16.6.$($_): $(Test-Connection -count 1 -comp 172.16.6.$($_) -quiet)"}
other
tcpdump
net-creds - source
pktmon.exe
responder - source
fping - source
- -a to show targets that are alive
- -s to print stats at the end of the scan
- -g to generate a target list from the CIDR network
- -q to not show per-target results.
subnet mask
math hidden behind /24
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | . | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | . | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | . | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | . | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | . | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | . | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
- /24
- 255.255.255.0
- 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
- 1+1+1+1+1+1+1+1 + 1+1+1+1+1+1+1+1 + 1+1+1+1+1+1+1+1 + 0+0+0+0+0+0+0+0 = 24
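The same bit arithmetic in code, as an added example that is not part of the original notes: it converts prefix to mask and back, rejects masks whose 1-bits are not contiguous, and derives the address count and usable host range, which is why the /24 sweeps above run from 1 to 254. Function names are illustrative and the sample address is constructed from the page's 172.16.5.x range.

```python
# Added example: the bit arithmetic behind the /24 <-> 255.255.255.0 mapping.
# Function names are illustrative; the sample address below is constructed.

def _dotted(word: int) -> str:
    """Split a 32-bit word into four octets."""
    return ".".join(str((word >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def _to_word(dotted_quad: str) -> int:
    octets = [int(o) for o in dotted_quad.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted quad: " + dotted_quad)
    return int.from_bytes(bytes(octets), "big")


def prefix_to_mask(prefix: int) -> str:
    """Set the top `prefix` bits of a 32-bit word (24 ones, 8 zeros for /24)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return _dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """Count the 1-bits, rejecting masks whose 1-bits are not contiguous."""
    word = _to_word(mask)
    host_bits = ~word & 0xFFFFFFFF       # host part as 1s
    if host_bits & (host_bits + 1):      # valid only if it looks like 0..01..1
        raise ValueError("non-contiguous mask: " + mask)
    return bin(word).count("1")


def describe(address: str, prefix: int) -> dict:
    """Network, broadcast, address count and usable host range for a CIDR."""
    mask = _to_word(prefix_to_mask(prefix))
    network = _to_word(address) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    # /31 and /32 have no separate network/broadcast address to exclude.
    first, last = (network, broadcast) if prefix >= 31 else (network + 1, broadcast - 1)
    return {"mask": _dotted(mask), "network": _dotted(network),
            "broadcast": _dotted(broadcast), "addresses": broadcast - network + 1,
            "first_host": _dotted(first), "last_host": _dotted(last)}


if __name__ == "__main__":
    print(describe("172.16.5.77", 24))
    print(describe("172.16.5.77", 26))
```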
subnet cheat sheet
Subnet x.0.0.0 | | | | | | | | |
---|---|---|---|---|---|---|---|---|
CIDR | /1 | /2 | /3 | /4 | /5 | /6 | /7 | /8 |
Hosts | 2,147,483,648 | 1,073,741,824 | 536,870,912 | 268,435,456 | 134,217,728 | 67,108,864 | 33,554,432 | 16,777,216 |
Subnet 255.x.0.0 | | | | | | | | |
CIDR | /9 | /10 | /11 | /12 | /13 | /14 | /15 | /16 |
Hosts | 8,388,608 | 4,194,304 | 2,097,152 | 1,048,576 | 524,288 | 262,144 | 131,072 | 65,536 |
Subnet 255.255.x.0 | | | | | | | | |
CIDR | /17 | /18 | /19 | /20 | /21 | /22 | /23 | /24 |
Hosts | 32,768 | 16,384 | 8,192 | 4,096 | 2,048 | 1,024 | 512 | 256 |
Subnet 255.255.255.x | | | | | | | | |
CIDR | /25 | /26 | /27 | /28 | /29 | /30 | /31 | /32 |
Hosts | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
-- | -- | -- | -- | -- | -- | -- | -- | -- |
Subnet Mask (Replace x) | 128 | 192 | 224 | 240 | 248 | 252 | 254 | 255 |
mask to cidr
CIDR Length | Mask | Networks | Hosts |
---|---|---|---|
/1 | 128.0.0.0 | 128 A | 2,147,483,648 |
/2 | 192.0.0.0 | 64 A | 1,073,741,824 |
/3 | 224.0.0.0 | 32 A | 536,870,912 |
/4 | 240.0.0.0 | 16 A | 268,435,456 |
/5 | 248.0.0.0 | 8 A | 134,217,728 |
/6 | 252.0.0.0 | 4 A | 67,108,864 |
/7 | 254.0.0.0 | 2 A | 33,554,432 |
/8 | 255.0.0.0 | 1 A | 16,777,216 |
/9 | 255.128.0.0 | 128 B | 8,388,608 |
/10 | 255.192.0.0 | 64 B | 4,194,304 |
/11 | 255.224.0.0 | 32 B | 2,097,152 |
/12 | 255.240.0.0 | 16 B | 1,048,576 |
/13 | 255.248.0.0 | 8 B | 524,288 |
/14 | 255.252.0.0 | 4 B | 262,144 |
/15 | 255.254.0.0 | 2 B | 131,072 |
/16 | 255.255.0.0 | 1 B | 65,536 |
/17 | 255.255.128.0 | 128 C | 32,768 |
/18 | 255.255.192.0 | 64 C | 16,384 |
/19 | 255.255.224.0 | 32 C | 8,192 |
/20 | 255.255.240.0 | 16 C | 4,096 |
/21 | 255.255.248.0 | 8 C | 2,048 |
/22 | 255.255.252.0 | 4 C | 1,024 |
/23 | 255.255.254.0 | 2 C | 512 |
/24 | 255.255.255.0 | 1 C | 256 |
/25 | 255.255.255.128 | 2 subnets | 128 |
/26 | 255.255.255.192 | 4 subnets | 64 |
/27 | 255.255.255.224 | 8 subnets | 32 |
/28 | 255.255.255.240 | 16 subnets | 16 |
/29 | 255.255.255.248 | 32 subnets | 8 |
/30 | 255.255.255.252 | 64 subnets | 4 |
/31 | 255.255.255.254 | 128 subnets | 2 |
/32 | 255.255.255.255 | 1/256 C | 1 |