Universal range IP scanning utility

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
Is there a utility that allows you to scan across multiple ranges - linux live distro or Windoze? I mean seriously, if I wanted to find the IP of a router on a LAN, why do I have to know the subnet - it's all logical anyhow. Why can't I just scan from 10.0.0.1 to 192.168.254.254 for example...
Anyone know if this is possible? I imagine software wise you could specify the interface to scan with then specify the range and it could adjust your IP address to the various ranges as it scans...

I don't mind the fact that it will take hours, I just need to run it and leave it for a bit...
 

AntiThesis

Executive Member
Joined
Jul 30, 2005
Messages
5,583
Surely if you're on the LAN you should be able to glean some information about the ranges used? It would take some time to scan through every range from 10.0.x.x to 192.168.x.x
 

ponder

Honorary Master
Joined
Jan 22, 2005
Messages
92,825
Is there a utility that allows you to scan across multiple ranges - linux live distro or Windoze? I mean seriously, if I wanted to find the IP of a router on a LAN, why do I have to know the subnet - it's all logical anyhow. Why can't I just scan from 10.0.0.1 to 192.168.254.254 for example...
Anyone know if this is possible? I imagine software wise you could specify the interface to scan with then specify the range and it could adjust your IP address to the various ranges as it scans...

I don't mind the fact that it will take hours, I just need to run it and leave it for a bit...

What do you do when you have VLSM implemented, as is the case in most corporate networks or the internet?
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
33,155
If netcat can't do it then it probably can't be done. I certainly don't recall specifying a subnet while using it, but I might just have missed something.
 

syntax

Executive Member
Joined
May 16, 2008
Messages
8,656
Is there a utility that allows you to scan across multiple ranges - linux live distro or Windoze? I mean seriously, if I wanted to find the IP of a router on a LAN, why do I have to know the subnet - it's all logical anyhow. Why can't I just scan from 10.0.0.1 to 192.168.254.254 for example...
Anyone know if this is possible? I imagine software wise you could specify the interface to scan with then specify the range and it could adjust your IP address to the various ranges as it scans...

I don't mind the fact that it will take hours, I just need to run it and leave it for a bit...

Firstly, scanning without permission is illegal, and doing so will get you in trouble.
Secondly, what kind of scans are you looking to do? Quick scans/known ports? Full TCP/UDP scans?
Full scans on an entire class C will take more than just a few hours... with proper reliable tools it will take you over a day.
Lastly, it's unlikely you will make it past your first hop in any kind of half decent environment...

What exactly are you wanting to do here? It doesn't sound good...
 

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
Firstly, scanning without permission is illegal, and doing so will get you in trouble.
Secondly, what kind of scans are you looking to do? Quick scans/known ports? Full TCP/UDP scans?
Full scans on an entire class C will take more than just a few hours... with proper reliable tools it will take you over a day.
Lastly, it's unlikely you will make it past your first hop in any kind of half decent environment...

What exactly are you wanting to do here? It doesn't sound good...

Oh good grief ROFL @ you people. IT'S MY LAN AND I WANT TO KNOW THE IP OF THE ROUTER WITHOUT RESETTING THE THING...
Someone else set it up.
*Cough*
I give you my word that you can sleep well tonight if you know the answer and PM me (if you really feel like you're doing the world a disservice by posting it publicly).

Anyway, if I were on client support and had to map out an entirely new LAN for future support, it would be nice to know that there's a scanner that can glean the whole system in a matter of hours while I do other stuff. Funny that it's a logical hurdle that hasn't been overcome... I imagine it can be done with a Linux script, I'll work on that.
 

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
If netcat can't do it then it probably can't be done. I certainly don't recall specifying a subnet while using it, but I might just have missed something.

Thanks, Norton is telling me it's bad software ha ha ha... I'll add it to the exception list - if my AV says it's bad then chances are it will do what I want... although I'm willing to bet it works better under Linux than Windoze.
 

PallBearer

Well-Known Member
Joined
Sep 18, 2009
Messages
260
SolarWinds has a free utility called Ping Sweep.
Does any range you want... but it pings each individual IP in the range.

If the router is online, then you should try sweeping the SNMP range first.

SolarWinds has a range of other tools as well... search their site.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
@OP - Have you checked the manual of the router? Usually the manual states the default IP of the router. Might be that it still is on its default IP...

I know your pain with this sort of thing... good luck :)

Next thing you'll probably ask is a password sniffer utility :)
 

syntax

Executive Member
Joined
May 16, 2008
Messages
8,656
Oh good grief ROFL @ you people. IT'S MY LAN AND I WANT TO KNOW THE IP OF THE ROUTER WITHOUT RESETTING THE THING...
Someone else set it up.
*Cough*
I give you my word that you can sleep well tonight if you know the answer and PM me (if you really feel like you're doing the world a disservice by posting it publicly).

Anyway, if I were on client support and had to map out an entirely new LAN for future support, it would be nice to know that there's a scanner that can glean the whole system in a matter of hours while I do other stuff. Funny that it's a logical hurdle that hasn't been overcome... I imagine it can be done with a Linux script, I'll work on that.

If it's on the local LAN and has a local IP on that LAN, then you can use a simple ping sweep or UDP/TCP fast port scans. If you have no clue what subnet or IP range it is on, reset the box.

As for mapping out a new network at a customer, this is easily done using the routing tables on the routers/firewalls themselves. With that you can draw a diagram without ever having set foot on the premises. Scans would not be on my list of things to do...
 

ponder

Honorary Master
Joined
Jan 22, 2005
Messages
92,825
Oh good grief ROFL @ you people. IT'S MY LAN AND I WANT TO KNOW THE IP OF THE ROUTER WITHOUT RESETTING THE THING...
Someone else set it up.
*Cough*
I give you my word that you can sleep well tonight if you know the answer and PM me (if you really feel like you're doing the world a disservice by posting it publicly).

So is it safe to assume that everything is working then (via DHCP) and you just don't know the IP of the router?

If that is the case, in Windows go Start -> Run -> type in cmd -> in the window that opens type ipconfig /all

In the output that follows look for "Default Gateway"
 

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
So is it safe to assume that everything is working then (via DHCP) and you just don't know the IP of the router?

If that is the case, in Windows go Start -> Run -> type in cmd -> in the window that opens type ipconfig /all

In the output that follows look for "Default Gateway"
There is a difference between this router's routing interface and its admin interface. Won't work unfortunately. Besides, the exercise is to find software that will do the whole shebang in one mighty scan.
 

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
If it's on the local LAN and has a local IP on that LAN, then you can use a simple ping sweep or UDP/TCP fast port scans. If you have no clue what subnet or IP range it is on, reset the box.
Ping sweep is spot on for the units that aren't blocking ping. Trying to avoid the reset and trying to do a ping sweep of a range outside normal netmasks. Funny how it's just not possible and yet it should be - it's only a logical hurdle.

As for mapping out a new network at a customer, this is easily done using the routing tables on the routers/firewalls themselves. With that you can draw a diagram without ever having set foot on the premises. Scans would not be on my list of things to do...
Very roundabout way and it'll help nothing for units with static IPs and no reference to the routers. You can't assume everything is configured right or even on the same subnet as your routers and stuff.

I think the easiest way is to simply run Wireshark and connect the backbone to its switch via a plain old-fashioned hub for a bit and see what source IPs are talking. Most units will acknowledge their presence at some point. Having said that, it may be a pain to filter out the external traffic... perhaps listing by IP will give us a clue anyhow... it's prolly the easiest method.

In Linux I can just start with a large class A range and then change the IP and continue in the next range and so on until I've covered the most logical ones... all done from a script with text file output so it can be automated. Much easier I think. BackTrack on my flash drive will do the trick. Funny that one would think there's out-of-the-box s/ware to do this stuff.
 

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
I used this with some success before: http://www.parseerror.com/lanmap/

It works differently though: it listens on the network rather than ping scanning.

Will let you know if I find something else.

Nic - I think you're on the right track... similar to what I was thinking with Wireshark... seems the most logical way to do it IMO. Hopefully the listening daemon for the router's admin interface talks out at some point... perhaps when restarting...
Thanks!
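The passive approach discussed in the last two posts (listen on a hub or mirror port, then list which source IPs are talking) is the part of this thread that does not depend on guessing a subnet, because a frame on the wire is visible to a sniffer whatever address it carries. The script below is an added example written for this thread; it is not code from the thread, from lanmap, or from Wireshark. It assumes the capture has already been reduced to (source MAC, source IP) pairs (with Wireshark that is a matter of exporting the Ethernet and IP source columns), and the pairs shown are constructed sample data, not a real capture. It groups the observed sources into /24 candidates, separates the local subnet from private off-subnet ranges and from transit public traffic (the "external traffic" that makes filtering tedious), and flags MACs that appear with more than one IP, which is the pattern a router's extra admin interface would produce.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source MAC, source IP) pairs as one would extract from
# a capture taken on a hub or SPAN port. Not real data.
OBSERVED = [
    ("aa:bb:cc:00:00:01", "192.168.1.10"),
    ("aa:bb:cc:00:00:02", "192.168.1.20"),
    ("aa:bb:cc:00:00:02", "192.168.1.20"),   # same host seen again
    ("aa:bb:cc:00:00:fe", "192.168.1.1"),    # default gateway
    ("aa:bb:cc:00:00:fe", "10.0.0.1"),       # same MAC, second address: multi-homed box
    ("aa:bb:cc:00:00:33", "172.16.5.7"),     # static host on a subnet we are not in
    ("aa:bb:cc:00:00:44", "41.0.2.99"),      # public source: transit traffic, not a LAN host
]

# Assumed local interface of the machine doing the listening (constructed value).
LOCAL_IFACE = ipaddress.ip_interface("192.168.1.50/24")


def summarise(observed):
    """Group observed sources into /24 candidates.

    Returns {"a.b.c.0/24": [(ip, mac), ...]} with duplicates removed and
    hosts sorted, so the output is stable enough to write to a text file.
    """
    by_subnet = defaultdict(set)
    for mac, ip in observed:
        addr = ipaddress.ip_address(ip)
        # strict=False lets a host address stand in for its /24.
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        by_subnet[str(net)].add((str(addr), mac))
    return {net: sorted(hosts) for net, hosts in by_subnet.items()}


def multi_homed(observed):
    """MACs seen with more than one source IP.

    On a flat LAN a router whose admin interface sits on a different
    subnet from its routing interface shows up exactly like this.
    """
    ips = defaultdict(set)
    for mac, ip in observed:
        ips[mac].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > 1}


def classify(net_str, local_iface=LOCAL_IFACE):
    """Label a /24 relative to the listening interface."""
    net = ipaddress.ip_network(net_str)
    if net == local_iface.network:
        return "local"
    if net.is_private:
        # Reachable only after this machine is given an address inside it.
        return "private, off-subnet"
    return "public, transit traffic"


def main():
    for net, hosts in sorted(summarise(OBSERVED).items()):
        print(f"{net}  [{classify(net)}]")
        for ip, mac in hosts:
            print(f"    {ip:<15} {mac}")
    for mac, ips in multi_homed(OBSERVED).items():
        print(f"multi-homed {mac}: {', '.join(ips)}")


if __name__ == "__main__":
    main()
```

The point of the classification is the one ponder and syntax raise: a host in "private, off-subnet" is visible to the sniffer but cannot be reached by a ping sweep until the scanning interface is given an address in that range, which is the per-range readdressing the original post proposes scripting. Listening first tells you which few ranges are actually worth that effort.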
 

syntax

Executive Member
Joined
May 16, 2008
Messages
8,656
Ping sweep is spot on for the units that aren't blocking ping. Trying to avoid the reset and trying to do a ping sweep of a range outside normal netmasks. Funny how it's just not possible and yet it should be - it's only a logical hurdle.

Very roundabout way and it'll help nothing for units with static IPs and no reference to the routers. You can't assume everything is configured right or even on the same subnet as your routers and stuff.

I think the easiest way is to simply run Wireshark and connect the backbone to its switch via a plain old-fashioned hub for a bit and see what source IPs are talking. Most units will acknowledge their presence at some point. Having said that, it may be a pain to filter out the external traffic... perhaps listing by IP will give us a clue anyhow... it's prolly the easiest method.

In Linux I can just start with a large class A range and then change the IP and continue in the next range and so on until I've covered the most logical ones... all done from a script with text file output so it can be automated. Much easier I think. BackTrack on my flash drive will do the trick. Funny that one would think there's out-of-the-box s/ware to do this stuff.

Sorry, I meant ping sweep or UDP/TCP fast port scans using something like nmap... but if you don't know the range it's on... then ur gonna suffer... I would still just reset it...

I think we look at LANs differently, I don't really bother about individual machines... I bother about networks/VLANs as whole units...

Filtering by Wireshark will get very tedious...
 

PallBearer

Well-Known Member
Joined
Sep 18, 2009
Messages
260
Why don't you just telnet to the console port?!?

If you can't get into the console port with a username/password then you're better off resetting the device.
 