There are a thousand and one reasons to chase off the neighbors who are freeloading on your Wi-Fi: the security of your connected devices, the problems of downloading… But with the recent discovery of a flaw in WPA, you have a very good reason to check what is happening on your home network. One is never too careful. Don't know how? This is a good opportunity to review the commands for those who already know them, and a great opportunity to discover them for the others.

Nmap, for those who do not know, is a port scanner:

It is designed to detect open ports, identify hosted services, and obtain information about the operating system of a remote computer. This software has become a reference for network administrators because the audit of Nmap results provides information on the security of a network. It is available on Windows, Mac OS X, Linux, BSD and Solaris.

It can do a lot of tricks (for a global overview, RTFM!). In our case, we will use Nmap to scan all the IP addresses of our local network and see which machines are connected to it.

Nmap has a graphical interface, but honestly, it confuses more than anything else… We will do everything on the command line. If you are on a Mac, you will have to go through MacPorts. If you are on Linux, open your terminal and here we go!

sudo apt-get install nmap

Once the installation is complete, if you do not know your IP, do a little ifconfig:

ifconfig
eth0      Link encap:Ethernet  HWaddr 00:19:db:f8:b2:29
          inet addr:192.168.0.12  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::217:dbff:fef4:b221/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:83608 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23819 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18363857 (18.3 MB)  TX bytes:6721613 (6.7 MB)
          Interrupt:25

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:304 errors:0 dropped:0 overruns:0 frame:0
          TX packets:304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:25004 (25.0 KB)  TX bytes:25004 (25.0 KB)

My IP is a private IP and my network is 192.168.0.0/24 (if none of this means much to you, I invite you to read a tutorial on subnet masks). It’s time to launch our first scan!

sudo nmap 192.168.0.* -O

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-17 00:21 CET
Nmap scan report for 192.168.0.12
Host is up (0.016s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http
Warning: OSScan results may be unreliable because we could not find at least one open and one closed port
Device type: phone
Running: Linux 2.6.X
OS details: Linux 2.6.24 (Andop mobile phone)

Nmap scan report for 192.168.0.13
Host is up (0.000050s latency).
All 1000 scanned ports on 192.168.0.13 are closed (969) or filtered (31)
Device type: media device|phone|general purpose
Running: Apple iPhone OS 1.X|2.X|3.X, Apple Mac OS X 10.4.X|10.5.X|10.6.X
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops

Nmap scan report for 192.168.0.103
Host is up (0.0041s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
Device type: specialized
Running: Wind River pSOSystem
OS details: Wind River pSOSystem
Network Distance: 0 hops

Nmap scan report for 192.168.0.254
Host is up (0.0045s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
554/tcp  open  rtsp
5678/tcp open  CSTR
9100/tcp open  jetdirect
MAC Address: 00:24:D4:BE:8F:DA (Freebox SA)
Warning: OSScan results may be unreliable because we could not find at least one open and one closed port
Device type: broadband router|general purpose
Running: Linux 2.6.X
OS details: DD-WRT v24 SP2 (Linux 2.6.24), Linux 2.6.13 - 2.6.31, Linux 2.6.18
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (4 hosts up) scanned in 333.04 seconds

Some explanations first:

  • Nmap must be run as root for many options, so it’s a good idea to do it all the time
  • You will notice that the range to scan can be given in two ways: 192.168.0.* or 192.168.0.0/24
  • I used the -O option, which enables OS detection. It is not always very reliable, but it costs nothing, and it can always give a clue

On the last line, once Nmap has finished its scan, it gives the number of hosts detected out of the total number of IPs scanned (here 4 hosts out of 256 IPs). So do not panic if you see more hosts than you expected. In addition to your computers, smartphones and all the gadgets you may have forgotten to take into account, your router is a network host too (in my case the Freebox).

Just to be sure not to miss anyone, we will complete this first scan with a UDP scan, which can help to find hosts that are hiding:


sudo nmap 192.168.0.0/24 -sU
Password:

Starting Nmap 5.51 ( http://nmap.org ) at 2012-01-08 00:55 CET
Nmap scan report for wesharethis.com (192.168.0.12)
Host is up (0.038s latency).
All 1000 scanned ports on buzeo.net (192.168.0.12) are open|filtered

Nmap scan report for 192.168.0.13
Host is up (0.000019s latency).
Not shown: 500 open|filtered ports, 499 closed ports
PORT    STATE SERVICE
123/udp open  ntp

Nmap scan report for 192.168.0.103
Host is up (0.0097s latency).
All 1000 scanned ports on 192.168.0.103 are closed

Nmap scan report for 192.168.0.254
Host is up (0.0072s latency).
Not shown: 992 open|filtered ports
PORT      STATE  SERVICE
68/udp    closed dhcpc
32769/udp closed filenet-rpc
32770/udp closed sometimes-rpc4
32772/udp closed sometimes-rpc8
32775/udp closed sometimes-rpc14
32776/udp closed sometimes-rpc16
32778/udp closed sometimes-rpc20
32780/udp closed sometimes-rpc24
MAC Address: 00:24:D4:BE:8F:DA (Freebox SA)

In most cases, you will find the same buddies, but you never know, it can always be wise to try another scanning technique.

Now that you have found the intruder (or not), it only remains to proceed by elimination before going out with the baseball bat… although the golf club, I think, has a lot more class! Note that there is also a tool dedicated to the detection and geolocation of intruders on the Wi-Fi network, called moocherhunter. This software is based not on pings or TCP/UDP requests, like Nmap, but on the traffic of Wi-Fi clients, and it is a live CD.
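The elimination step described above can be done mechanically by comparing a saved scan report against a list of the devices you own. The following Python script is an added example, not part of the original article; the sample report, the inventory (KNOWN) and every address in them are constructed. It matches on the MAC address where Nmap reports one and falls back to the IP address otherwise.

```python
import re

# Constructed sample in the layout of Nmap's normal output (addresses are made up).
SAMPLE_REPORT = """\
Nmap scan report for 192.168.0.13
Host is up (0.000050s latency).
All 1000 scanned ports on 192.168.0.13 are closed

Nmap scan report for printer.lan (192.168.0.103)
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 02:00:00:AA:BB:01 (Unknown)

Nmap scan report for 192.168.0.57
PORT    STATE SERVICE
22/tcp  open  ssh
MAC Address: 02:00:00:AA:BB:99 (Unknown)
"""

# Hypothetical inventory of devices you own: MAC (preferred) or IP -> label.
KNOWN = {"02:00:00:AA:BB:01": "printer", "192.168.0.13": "this laptop"}

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open)\s+(\S+)")  # skips open|filtered
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_report(text):
    """Return one dict per host: ip, name, mac and the list of open ports."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if m := HOST_RE.match(line):
            hosts.append({"ip": m.group(2), "name": m.group(1), "mac": None, "open": []})
        elif hosts and (m := PORT_RE.match(line)):
            hosts[-1]["open"].append(f"{m.group(1)}/{m.group(2)} {m.group(4)}")
        elif hosts and (m := MAC_RE.match(line)):
            hosts[-1]["mac"] = m.group(1).upper()
    return hosts

def unknown_hosts(hosts, known):
    """Elimination: keep hosts whose MAC and IP are both absent from the inventory."""
    known_keys = {k.upper() for k in known}
    return [h for h in hosts
            if (h["mac"] or "").upper() not in known_keys and h["ip"] not in known_keys]

if __name__ == "__main__":
    for h in unknown_hosts(parse_report(SAMPLE_REPORT), KNOWN):
        print(f"unrecognised: {h['ip']} mac={h['mac']} open={h['open']}")
```

To use it on a real scan, save the report with Nmap's -oN option (for example sudo nmap 192.168.0.0/24 -oN scan.txt) and pass the file's contents to parse_report. A MAC address can be changed by its owner, so a match against the inventory is a hint rather than proof.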

Going back to Nmap, you will understand that this tool is very versatile. Its purpose is not to determine who is present or not on the network, but, as the name suggests, to find ports open on a machine. This little exercise will have allowed you to discover the tool. I leave you now to do your little experiments and marvel at the power of the thing.
