Network Mapping

Info

Level: Beginner
Presenter: Eli the Computer Guy
Date Created: November 9, 2010
Length of Class: 51 Minutes
Tracks

Networking
Hacking
Computer Security /Integrity
Prerequisites

Introduction to Networking
Purpose of Class

This class teaches students how to map a local network.
Chapters

Introduction (00:00)
How Network Mapping Works (03:12)
DOS Tools (11:44)
Network Mapping Software (34:54)
Security Considerations (44:14)
Final Thoughts (48:21)
Class Notes

How it Works
ICMP -- Internet Control Message Protocol -- part of Internet Protocol
Echo request
Used by OS's to send error messages
Ports Scanning
All network applications require specific ports to be open
SMB Shares
Server Message Block is used for Windows File and Print Sharing
SNMP
Simple Network Management Protocol
Part of IP
Allows communication of alerts for numerous types of problems on a system from applications, the operating systems or even the hardware
Uses Agents,Traps and Network Management System
Agents are pieces of software installed on the monitored systems
Traps are alerts that are set for the Agent (CPU goes over 90% for 5 minutes)
Network Management System receives alert messages from Traps.
SNMP Service must be running
Uses UDP Ports 161, 162
Basic DOS Commands
IPCONFIG
Ipconfig /all -- Shows current IP information fro system
Ipconfig /release -- Releases DHCP IP Address
Ipconfig /renew - Acquires a new IP Address from DHCP Server
Ping
i. IP Protocol
Ping 10.1.10.1 -- Pings either an IP Address or a Domain Name
Ping /? -- Shows arguments fro Ping command
Ping 10.1.10.1 --n 6 -- -n argument changes the number of pings sent
Ping xxx --i 200 -- -i argument changes the Time To Live for a Ping
Tracert
IP Protocol
tracert www.everymanit.com -- Shows all of the routers on the path to the destination
Network Mapping Software Description
Network Mapping Software Discovers Devises and Systems on Your Network
Can be free or very expensive
There are numerous types of software that find different information
Security Security Good vs. Bad
Turn off SNMP services? -- SNMP can be very useful if you use it.
Use firewalls -- Firewalls can block Network Mapping Software from discovering devices on the network
Turn off Ping Echo -- You can turn off Ping Echo using security software. Ping is a very useful diagnostic tool, and can cause confusion for technicians if standard systems cannot be pinged.
Final Thoughts
Network Mapping can be used for Good and Bad purposes. You must weigh utility vs. security when deciding to allow or block the ability to map a netwrk.
Resources

Spiceworks
PortScan

---

Closed Caption:

hello again as you know i'm eli the
computer guy over here for every man I
t.com and today's class is network
mapping so we're going to talk about how
you map a network
basically all network mapping means is
that you plug into a network and you try
to figure out what is on the network
what services are available on the
network
what shares are on the network what
computers are on the network what what
access points what's routers what
servers etc
the big problem especially for
consultants coming in to to a a computer
network that is already up and running
is many times you have absolutely no
idea idea what is on that network and
the people that are hiring you
they really have no idea what's on the
network so you know you ask them how
many computers they have they struck
their shoulders you ask them how many
switches they have to show your
shoulders a access points etc so by
being able to map a network you can
figure out what is on the network
so basically you you can figure out you
know where to go from where you are also
another good point with learning how to
do a network mapping is a lot of modern
networking equipment when you plug it
into the network it uses dhcp to
automatically grab an IP address so you
plug in a wireless access point you plug
in you know a network printer etc and
they automatically grab and a IP address
well if you know that IP address
you can go to your little computer you
can go to that IP address and you can
get into the nice little web interface
and and administer that printer or that
access point or that router
the problem is you don't know what IP
address that that device has a it's
difficult very difficult to to to get to
it
so by understanding how to do network
mapping you can automatically map an
entire network and then be able to find
all of your wireless access points all
of your printers all of your computers
etc so this class is going to teach you
how to map a network
we're going to talk about the basic
services that are required that you used
to map it out
work icmp port scanning SMB server
messaging blocks SNMP and such going to
tell you about the basic process of
doing it just so you have an over idea
overall idea why you a map a network now
you know this can be good used for good
and bad purposes this can be used as use
a consultant going in just to figure out
what is going on with the network to
figure out what the servers are what the
access points are etc
this can be used for security so you can
go and you can do network mapping to
find out what shares are open
that shouldn't be open what ports are
open that shouldn't be open etc or you
can use this for hacking
uh where you go in and you find out that
people left all whole bunch of folder
shares wide open on the network and you
can just hack away as you please so
depending on what you're doing you can
use network mapping of four uses so up
so give me a second i'm going to put a
couple of things together and then we're
going to get in this class network
mapping
so when you're doing network mapping
there are four basic components to the
systems into the networks that you
should understand that you were going to
be using to map out the network
the first is something called icmp this
is called internet control message
protocol
this is part is a protocol that is part
of the tcp/ip networking sweet so if
you're using tcp/ip which in this day
and age
just about everybody does i don't know
why you wouldn't be using tcp/ip is
tcp/ip then within that tcp IP is icmp
internet control messaging protocol
this is the protocol that allows
computers and networking devices to talk
back and forth and send error messages
so although the very lowest level this
is how computers and devices can talk
and you know can make sure that that
another device is there and if it's not
there can send error messages back
basically what we're going to be using
ICMP for is something called the echo
request so the echo request is where
your computer calls out to a computer or
device on the network and says hey are
you there
so your computer goes hey are you there
router and the router says yes I'm here
are you sure you're there he has i'm
sure i'm here are you really sure I'm
here
yeah cetera so basically your computer
calls out to whatever computer device on
the network says hey are you there
well what's supposed to happen is your
computer will call out that device that
device is supposed to respond back say
yes I'm here
well with the echo request to three
things can actually happen
your computer tries to talk to that
Network your computer device
uh and that device comes back and gives
you an echo response that is crystal
clear so everything works perfectly
or it can give an echo response and from
the information within that echo
response you can see that there are
errors so so it's not that the network
cable is unplugged entirely or that that
network device is powered off but for
some reason
uh the communication isn't going back
and forth as
Mosley as possible so it's a second
reason thing that could be happening or
the third is that for whatever reason
that computer device is unplugged from
the network that computer device is
turned off or something has just gone
haywire and the CPU has blown up so when
you do this is echo request
basically you can get three responses uh
everything is good is something is going
on
that's a little weird or no response at
all this is all used a using the ICMP
internet control message protocol
the next tool or whatever that we're
going to be talking about is something
called port scanning
so if you know anything about tcp/ip if
you know anything about servers
you know all networking services use
ports within the tcp/ip protocol so so
if you're going to a website you use
port 80 s eight if you're using ssh to
get to a linux server using port 22
if you're using pop3 email access you're
using port 110
so every single network application uses
its own port
so what the what we're going to be doing
is doing port scanning to see what
computers have what ports open so so by
seeing what ports are open we can
determine what that computer or server
might be doing so if the ftp port is
open that might be a file server or
somebody accidentally turn on the ftp
poor and we should turn that off
the next thing that we're going to be
looking at is something called smb2
shares server message block shares
generally used with Windows networks
this is where you you double-click on a
shared folder and you can access shared
folders shared files and shared printers
on other computers these r sm b shares
so what we're going to be doing is
looking for SMB shares finally there's
something called s/n MP this is called
simple network message protocol
what this protocol was developed for
was to send our a greater quantity of
information to network administrators so
that they could fully understand what is
going on with their systems and their
servers so basically with s and M p
you have three things first you have
what is called a network message
management system
this network management system goes and
it gathers information from all the
computers and devices on your network
that are using SNMP those computers and
devices on the networks that are
gathering information and then have s
and M p agent installed on them so these
are just basically small little pieces
of programming and then what you can do
is you can create SNMP traps that state
when something happens with that that
device or that computer you want to send
an alert back to that network management
system
so basically how SNMP works in the real
world is let's say you have a server and
you're worried you do not want this
server to go over ninety percent cpu
utilization
so what you can do is you can install an
SNMP agent on to that server then you
can create a trap that says if the cpu
goes over ninety percent usage for five
minutes
I want the network management system to
be alerted so your computer is buzzing
along if it goes over ninety percent for
five minutes then it sends an alert back
to that network management system
now the nice thing with these agents and
traps is you can gather a whole bunch of
information
it's almost limitless the amount of
information that you can gather using
SNMP agents and traps
you can gather all the software that is
installed on your that computer you can
you can determine what updates have been
installed on the computer you can
determine all the the hardware that is
on that computer so imagine if you had
30 or 40 or a hundred systems in your
network
and you could sit at one console and see
you know what computers have only two
gigs of ram what computers have 10 gigs
ram you can see all the hardware
information simply sitting at your
network management systems you're just
sitting at one little console and you
can see what is going on
you can send alerts trapped again if if
a computer goes under let's say ten
percent hard drive space where it may
cause problems that SNMP trap can send
an alert to you so that you can see you
know the Secretary's computer went under
ten percent a utilization using these
things are you can get real-time
information into you and you can also go
out and you can quickly inventory all
the systems and devices on the network
so you know if you want to make sure all
your windows vista systems are up to
service pack 1
you can go out and you can scan all the
computers and make sure there are up to
the service pack 1
the main thing that you should remember
with SNMP is that there is a simple
network management protocol service on
your window system so that has to be
running if you turn that service off
SNMP doesn't work at all it also
requires UDP so not tcp UDP ports 161
and 162 torko put that all on the the
notes on the bottom but those are the
four four concepts that you should
understand for for mapping network
icmp internet connection control message
protocol this is part of the tcp/ip
sweet
basically this is just a communication
protocol for different devices on the
network to talk to each other basically
say hey are you there
there's port scanning so every network
application has to have its own port 484
24 25 for 110
you know there's a lot of them out there
SMB simple server message block so these
are these are the windows shares so we
can go out and we can scan for those
shares and then finally s N and P simple
network management protocol
this is what allows you to gather a lot
of information about the systems and
devices on your network
now for mapping your net
no some basic das man's if you if you've
done any network in the past if you work
with das you should probably know these
commands I would hope this . by now but
if you are new to network mapping we
should just go over three commands that
you should understand a in order to to
do that the basics for network mapping
the first we have to talk about is
something called IP config IP config is
the basic boss command that shows you
what the IP address
uh information for your computer
currently is so if you run the command
IP config space /all this command is
going to show you what your current IP
address is what your current subnet mask
is you know that's all fine and good
the big thing that is going to tell you
beyond that is it will tell you the IP
address of your dhcp server it will tell
you the IP address of your default
gateway and it will also tell you the IP
address of your dns server so if you're
trying to figure out what's going on
with the network you know you you just
walk into this network you have no idea
what's going on
well probably the first thing that you
should figure out is what the default
gateway is so of course the default
gateway is your router your cable modem
your ad tran whatever gets you from
inside your building out to the Internet
cloud so that's what the default gateway
is once you understand what the default
gateway is you should also see what the
dns servers are so so if you're trying
to figure out how complicated your
network is this is very important if you
have a very simple network your dns
server your dhcp server and your default
gateway will all be the same device
whether it is a router whether it is it
windows server etc if it is a simple
network dns dhcp and default gateway
will all be on the exact same device if
you have a complicated network all those
will be on different devices so if you
go in and you see that your your your
dns server is 10 . one . ten . to your
dhcp server is 10 . one time
10 . 3 and your default gateway is 10 .
one . ten . one that's telling you who
you have a lot of stuff going on here
good or bad I mean it might not be good
that you have a lot of stuff going on
there but it tells you that you do have
a lot of stuff going on now with the
ipconfig so its IP config space /all
this will tell you the current
information for your computer or we'll
come back and I'll say 0 0 0 0 which
means that you have no IP address
whatsoever
now if you've just plugged your computer
into the network
you can also use the ipconfig command
and what you should do is space forward
slash if you do release this will
release the dhcp address that your
computer currently has
so if you plug into a network what I
would suggest that you should do is
you're an ipconfig space force last
release and then use do IP config space
for it / renew and this renews your IP
address so this make sure that you have
the most current IP address information
after you do this you do the ipconfig
space for / all
and again that will show you what your
IP address is your subnet mask is your
dns your dhcp your default gateway this
is very very important information
now once you make sure that you are on
the network then the next thing to do is
make sure that you can talk to other
computers or devices on the network
this is you know we're talking about
icmp before the communication protocol
the first thing that we use with his
icmp communication protocol is the
command pain
so what paying essentially does is ping
has your computer
call out to another computer or device
on the network and ask if it's ask if
it's there
so basically your computer will say
hello and then the computer on the other
side hopefully will say hi back
now if the computer on the other side
doesn't say hi back then you know that
you have a problem
so what have
and in the das world is you do you do
ping
then you do space and then you can put
in either an IP address or a domain name
so you could put in ping space 10 doubt
one . ten . one
so if you're trying to figure out if you
can communicate with your default
gateway with your modem here
our default gateway is 10 . one not ten
that one so if i'm sitting at a computer
I can do ping and that one that 10 . one
and this will tell me if I'm talking to
uh to my router to to my default gateway
if nothing comes back if it basically
says error cannot be found then i know i
have a major problem inside my network
what will happen is after you do this
pink man it will call out and get a
response
four times now if you are in the linux
world it would just continuously ping
until you forced it to stop you to
control see in the windows world it will
do it four times and then automatically
stop for you when it does is four times
basically it will go out it will ping
the device and then it will tell you the
time to live it will tell you how
quickly this communication happens so if
you have a high number
you know that there's a delay in the
system if you have a low number
you know everything is is is doing
pretty good now when you do the ping for
a domain name so you say ping let's say
server
this is an easy thing because it will
ping as long as your computer can
communicate with the dns server the ping
command will then resolve the IP address
of the server that you're trying to get
to so let's say you're trying to get to
the exchange server
so let's say you do ping exchange
well then the ping command talks to the
dns server and it will then figure out
what this IP addresses so 10 . Wanda 10
. 13 and then it will ping
this IP address again this is very easy
thing because you can see if your
exchange server is up and running and
then it will also give you the IP
address of that exchange server
you know in case you need in the future
now with the ping command over all the
pink man is a very simple command but if
you do need to know like all of its
different options again you just do ping
space forward slash ? which you should
know for das commands and this will give
you the little description of how the
ping command works it will tell you what
arguments you can use with a pink man
the two arguments that i would suggest
that you use with the ping command or
think about using with a ping command R
1 which allows you to put in how many
like the total number of pings that will
happen so let's say you send out for
pings to pings come back good one comes
back a little weird
then the next one comes out good and you
want to get an idea of just how how
flaky the the network connection maybe
well instead of setting out for pings
you may want to send out 200 pinks
just you continuously keep pinging that
server and see what the results are to
do that
what you do is you do ping space and
then you let you know you put in the IP
address to that one . ten . one and then
you do space you do - and you use the
end the lower case in as in November
argument space and then how many pings
you want to send out so let's say 200
so what this will do is it'll pingtan
not one that 10 . one and two hundred
times instead of four so this gives you
an idea of what's going on you know you
send out for you think it's a little
weird
well let's send out two hundred and just
continuously if you keep hammering that
server
do you see any network problems the next
thing is sometimes the server is very
slow to respond
a 22 your ping request and so sometimes
you want to up
what is called the time to live so the
time to live on a ping request
basically the computer says if i don't
hear a response
within so many milliseconds i'm going to
assume that the ping command failed
well depending on how flaking and nasty
your network is that time to live
maybe too short so what you can do is
you can do ping again ten doubt
Wanda 10 . one then you do space
- lowercase I then after that you put in
how many milliseconds
you want the ping command to live for
what the time to live for us again you
plug it up to two hundred or a thousand
or whatever it is basically this keeps
the command open so if it's taking a
really long time for that community for
that server to communicate back to you
you make sure that that at least you can
hear again
you know if if if you have to use the I
command
what this means is that you have a
problem on your network
all you're doing with increasing the
time to live is trying to get yourself a
better idea of what problem is going on
now after you get done with the pink man
so you know you you ping out you call
out to the device
the next thing you can do is if you're
trying to isolate where we're a problem
is in a network or trying to understand
what what
routers or what networking equipment are
are a routing your traffic
you can use something called the trace
route command so the traceroute command
is actually TR a Cee are t so its trace
or but its trace route the the command
is trace around what this does is it's
kind of like the pink man only it
actually gives you an echo response from
every networking device that you go
through
so let's say you do Trace rao and then
like as i will show you in our
demonstration
eww . every man I t.com so I'm trying to
see the route from my computer here all
the way to our server every man I t.com
sitting in the data
center that that's a few miles away from
here well when you do the trace around
instead of just getting a normal ping
response
what will happen is you will actually
see all of what are called the hops hops
basically all the routers that this goes
through in order to get to the server
that you're - you're trying to reach
so first it was first it will say that
it's going through the default gateway
here 10 . one . ten . one and then we'll
say it's going to comcast's gateway and
then it's going to another gate one then
another gateway then another get we gave
way and then as you'll see
then you go and you hit the the data
centers networking devices and so
they'll send information back and then
finally hopefully you'll get to the
information from every man high tea back
to you
so this is a very important tool this
will make a little more sense when we go
over and demonstrated in a minute
so the basic das commands for mapping
out a network are again
ipconfig this is very important the main
reason is is you can go in and very
quickly hopefully find out what the dns
dhcp and the default gateways are then
use the pink man ping is
hello hi Peter hello
that's all it is is basically your
computer calling out to different
network computers or devices pain works
for computers
ping works for routers ping works for
printers ping work for wireless access
points and depending on what you're
dealing with pink may also work for your
switches so this can hit all the
different on networking devices that are
using tcp/ip then you know if you're
trying to to actually trace the route
that your little your little packets
take you can use a trace route or trace
or command and that will show you every
single hop that that that your packets
take to get to the server the trying to
get to
so with this let's go over to the
computer and i'll show you ipconfig ping
and trace around
ok so here we are back at my my Windows
7 computer
we have the nice little command prompt
icon here
so if you're dealing with windows so if
you're dealing with windows and you're
going to be using the ipconfig command
you need to open up the command prompt
as the administrator do I run as
administrator if you're using a windows
XP or earlier
well you can just use command prompt not
worried about it so what you're going to
have to do is you're going to right
click the command prompt and then you're
going to have to run as administrator
and of course is going to give you this
little thing and you say yes and now
your command prompt opens up now with
this command prompt
what we are now going to do is to make
sure that we have all the latest
information all the latest networking
information on the system we are going
to do IP config and we are going to
release and renew the IP address of the
first thing that we're going to do is I
pecan specific space forward slash
release and this releases the dhcp IP
address that we currently have on the
system
it's that easy now in order to renew the
IP address to IP config space for / -
and hit enter this make sure that we
have like I say the latest information
now we renew the IP address so all we do
now to see all of the IP information as
we do IP config space /all so what we
did is we did release and this is where
we released
we did renew this is where we renew and
now we do ipconfig space /all so this
will give us all of the IPF information
for this computer so we hit enter and so
this is our command up here
now it says this tells us our host name
so it says the computer's name is
graphic
as a whole lot of information here it
tells you are network adapters
so the first network adapter is a
realtek pcie yada yada
it says the physical address so this is
the mac address in case you need it
that there now it says what the ipv4
address so this is what you're going to
see if you're dealing with windows 7 or
windows vista windows XP or earlier
all this is a little easier to
understand but with vista and such it
gets a little more complicated but
you're looking for ipv4 address and it
says the IP address of this computer is
10 doubt one that 10 . 10 the subnet
mask is a classy 255 255 . 250 says when
you obtain to the address when the lease
expires then here is one of the
important ones what is the default
gateway so this is the networking device
that gets us out the outside world
whether it's a router whether it's a dsl
modem cable modem etc so that's 10 doubt
one . ten . one so we will have to be
able to communicate to this device in
order to get to the outside world
this is what the dhcp server is again .
one . ten . one and then says what the
dns server is 10 not one not two not one
again as I said and you know in the
live-action blurb if the default gateway
the dhcp server and the dns server are
all have the same IP address that means
you have a relatively simple network to
deal with but all these servers can be
different physical servers the default
gateway could be 10 2012 10 . one
the dhcp server can be 10 2012 10 . -
and the dns server could be 10 . one .
ten . 3
this does happen in the real world for
good or for bad of so so just make sure
you know when you're looking at this
you'll see how complicated a system that
you're dealing with
so since we've now figured out you know
what what the the default gateway as we
are now going to do a ping command
- - to take a look at
so I'm just going to clear this out real
quick so will open this up again and so
now we are going to ping our default
gateway that 10 not one . 10 that one
so in order to ping that gateway we just
do pink p ing space than 10 that one .
10 that one
so this will go out and it will call out
to that default gateway and say say ask
if it's there so we hit enter and now we
see it's pinging pinging four times so 4
times that default gateway said hey I'm
here
the time it took and the time to live so
the time to live for this request was 64
milliseconds the time equal six
milliseconds the first time less than 1
millisecond the second time five
milliseconds third time less than 1
millisecond 35th for thought
so this means that that the the gateway
is responding very very very quickly so
you're not having any problems
so let's say that we wanted to ping the
default gateway more than four times
again
all you do is ping space 10 . 110 . one
space
- n then let's say we want to ping it 10
times
so now it's going to ping that 10 times
so we pick it ten times and you get the
information again like I say is if
you're having really weird networking
problems sometimes you know i plug in
and that i want to ping a device 200
times just so i can get an idea of of
how often the reply errors out again you
know we have a good network here Cisco
equipment professional so everything is
running well
but when you go into it with some of
these nasty nasty network environments
you may have corroded cable you may have
switches that are 10 years old you may
be dealing with hubs for Christ's sakes
so so so being able to this ping command
you know a hundred or two hundred times
they give you an insight on to how the
network is working
now finally with the ping command we
need to talk about that time to live so
again right here it shows that the
time-to-live defaults to 64 milliseconds
now what if you're thinking that maybe
the equipment is responding but it just
needs more time
so in order to give it more time we do
ping 10 doubt one that 10 . one space -
I and then we put in our time to live a
longer time live so let's say we do 200
milliseconds and then we hit enter so it
goes through and everything works fine
so basically here there there were no
problems so we went through so that is
the basic ping command
ah so with the ping command you can go
out and you can ping you know devices
and and things on the network you can
also ping devices and such on the
internet so we could do ping space www .
every man I t.com hit enter and now
we're getting a response from every man
high tea , like I say every man I t , is
sitting in a data center a few miles
away from here
well the first thing that happens is the
ping command resolved the IP address of
every man I t 2 207 . one for 253 . 132
and then it pings - 700 14 . 53 . 1 30
to four times
here you see that the time it takes is
25 milliseconds
so the first one was for five
milliseconds 20 milliseconds 37 seconds
25 milliseconds again if we look up here
pinging our own default gateway took a
less than 1 millisecond so this does
show you that it takes a little bit of
time I mean it's milliseconds but it
does take time to go out there and and
talk to the server sitting out on the
internet now final answer will clear
this out
we are going to look at the trace route
command or the trace Burke
so if you don't put in trace route you
put in tra
SI e RT so with that it's TR a/c II RT
and then you you put in whatever IP
address or domain name you want to trace
- so so with this again let's put www .
every man I t.com so what this is going
to do is going to trace the entire route
it takes to get to the everyman itv.com
server so we hit enter and so so we see
again it resolves a domain name it to a
714 5332 and now the first top-10 that
one not ten doubt one is our default
gateway and then from there
it hops to the closest comcast server
from their hops to the Baltimore comcast
server to the DeSoto comcast server to
this to the white mesh smart server to
New York so it goes all the way up to
New York then it goes down to mclean
virginia it goes to aspirin Virginia
then it goes this 75 . 149 . - 31 162
this is one of the the routers that is
sitting at the data center and then it
comes to to the actual server so this
shows you the entire route that the
command takes this can be very important
when you're dealing with large networks
now when you're dealing with small
networks you know the small office with
10 users
you rarely rarely rarely rarely ever
have to use a traceroute command but if
you're going in to a network of a very
complicated network where you were
you may have 20 or 30 routers you know
you you have communications going on you
know you have you have a hundred remote
offices
you have two major offices you know
there's all this communication going
back and forth using this traceroute
command can be very helpful to try to
figure out how communication is going
through all those as it was individual
networks
so with that let's go back out to the
outside world and talk about network
mapping software
so those were the simple dost tools or
das commands you can use just to just to
start understanding what your network
looks like now
the best tool once you have a vague
understanding what your network looks
like is to use network mapping software
now network mapping software this is
this is full fledged software you can
get it for max you get for Linux you can
get it for windows etc what this
software does it tries to go out and
grab information about your network now
that this network mapping software some
of it is free some of it is open source
some of it cost you five thousand
dollars a license
the costs really depends on on on on how
much information
this network mapping software i will get
for you
the big thing to understand with network
mapping software is this software all
the different versions of it are built
to do different things so so you know
you may go out he may look go to
download.com or softpedia . , and you
may see 50 different pieces of network
mapping software and what you should
realize is all these pieces of network
mapping software do things differently
they look for different information
some of it will give you back very
simple text files
others will give you back these really
fancy pictures and we'll show you how
that all the devices connect to each
other some some all they do is they go
out and they look for open ports and
open shares others again they map
everything and it will tell you all the
software that is installed on each and
every computer
so the main thing to understand about
network mapping software is you know
it's anywhere between free and open
source to five thousand dollars license
not joking about that $5,000 license and
it all does stuff differently so
depending on what you are trying to get
will depend on what software
you know you you end up using so we're
gonna go over and do a little
demonstration the first administration
will show you is with a really quick
light piece a piece of free software
what it does is it goes out it stands
for all the devices on the network
it looks for open ports and looks for
open SMB shares these are basically
windows file shares
that's all it does there's nothing fancy
there's nothing cute about it is a very
quick way to go out and scan your entire
network
the next piece of software that uses
something called spiceworks again it's
free
why cause I'm teaching a class for you
and you know it or not i'm not gonna
spend five thousand dollars a piece of
software but the nice part with
spiceworks easy it can actually go out
it can inventory uh software on
computers
it can determine what types of devices
certain networking equipment are so it
can say oh this is a router oh this is a
switch
oh this is a wireless access point it
will tell you the operating system that
is sitting on whatever Network Devices
fine so even if you can't figure out
what something is it can tell you the
operating system on it so it will say is
I'll show you
hey this is a cisco operating system on
it if it's a cisco operating system it's
probably a piece of networking device
so with that let's go over to a
demonstration on network mapping
software it's very easy to use the one
thing that i will tell you is i will at
this point only show you the results of
the network mapping software because
network mapping takes a while so even on
our really pathetically small network
that i have here in this building
it takes five or ten minutes to run so
if you're going to map a network a
hundred two hundred three hundred
thousand computers basically just just
set the thing to go for a night and then
come back don't expect that network
mapping software what will will work in
five minutes cuz
yeah well okay so we're now we're back
on the Windows 7 computer and i'll show
you two different types of network
mapping software
the first is something called port scan
and then the second will be spiceworks
these are these are both free piece of
software
the first port scan I will just bring up
like i said and the in the the live
action part of the class i'm not going
to run a scan right now because running
a scan
even on a small network like my does
take time the stakes physical time so if
you're going into a large network of the
what I would tell you to do is plug in
your laptop and immediately start the
scan
don't wait to do the scan in until you
have to leave in half an hour
because it will take a while so with
this very simple on scanning software
this scanning software will go out it
will look for what devices are on the
network to look for the mac address it
will look for open ports and we'll look
for SMB shares so like I said again
of all the software does different stuff
some of it is true really quick
some of its really pretty so it's really
in depth you know just depends on what
you go out to buy so we can see here you
know a scan through the network so it
found host 10 . one . ten . 10 gives the
mac address gives the hostname so the
hope that a computer name is graphic and
then it shows what ports are open on
this computer HTTP 80 at the map 135
https all of these ports are open on the
computer and then it says what shares
are open so the users share is open so
if you want to try to connect to this
you may be able to connect using the
share for users under this you know
shows 10 . one . ten . 3 and the mac
address
I shows open ports but it doesn't give
you any more information so again this
is in a very in-depth scanner just kind
of kind of shows you what's out there 10
2012 10 to 11 the same so it shows you
it's there
you still don't really know what it is
though that's 16 . 13 so you can see
host name oh this is a gateway laptop so
so that's something I tend not to send
out one again this add this as open
ports so this gives you an idea of what
devices and computers are on the network
what ports are open the hostname if it's
available
so this this this port scanner will run
very quickly but it gives you just very
very very basic information if all you
needs basic information that may be you
know again all you need that we open up
uh this a piece of software called
spiceworks so this is a much more
complicated piece of network mapping
software again it's free but it gives
you more information of what's going on
so here this will actually show you the
types of devices that are on the network
so you can say see right now there's two
workstations on the network to servers
on the network 3:00 networking devices
one other etc so i can go on to this
workstation click and it shows
I have that gateway laptop and then i
have in the graphic computer
if I click on this graphic computer like
i said before this is a more in-depth
piece of network mapping software i can
go down I can see it's a graphic
computer I can see the motherboard that
is on it
I can see that has an intel core i7
processor is he has windows 7
professional
I can see it has four gigs of ram so
this is all information that the other
piece of software didn't have you can
you click on the configuration
it even shows a local see dr twenty-nine
percent free local f drive sixty-five
percent free e drive oops
look II drive is full so I need to take
a look at this computer and see what's
going on
so this gives you lots and lots and lots
of information about the computers that
are on your network
so if we go back to inventory we can go
over to network and here we can say oh
look this looks like a wireless access
point so this is an apple a wireless
access point and it tells you sell some
information couldn't be found
we can click on this so this it says
this is a Cisco device and go over here
this is an smc so this is the 10 . one .
1001 this is our default gateway
so with eyes like I say a more robust
type of networking software
this can go out and it can scan all the
devices the computers the server's
everything that's on the network and get
information about them so so like like I
say with graphics the graphic computer
not only can i see its windows seven pro
4 gigs of ram but i can actually click
on software and this shows me all the
software that's installed on this
computer
so you know if you're trying to go out
and you're trying to do an inventory to
make sure you don't have pirated
software on your computer this can be a
very very very very valuable
so this is spiceworks and I also showed
you port scan again depending on what
you want
you know it depends on whether one of
these piece of software is good for you
so with that let's go back out to the
real world and talk about security
considerations
so now that you've seen how easy it is
to map out a network you might be
thinking hmm i have a lot of security
holes here
so the first thing you may want to do is
run out and try to close all of those
security holes
the first thing that I am going to
remind you is uh you know the more
things more services you shut down the
more complicated it is going to be to
administering network so you can close
down all these services you can turn off
SNMP a simple network management
protocol
you can turn off ping request etc but if
you do that it is going to be very very
very very difficult to map that network
if another technician comes in behind
you or something just just weird habits
so the first thing is if you want to
shut down the ping service so ping is
the basic service that almost all of
these network mapping a piece of
software use to determine if computers
exist so you can shut down that I cmp
echo request
now if you're dealing with a router so
let's say you have a router that is
sitting on the internet and you don't
want anybody to be of the ping that
router with in almost every single
modern router if you go into the
settings page there will be a little
thing that allows you to turn off the
ping request
so if somebody tries to pin your router
it simply will not send a response back
so basically the computer out on the
internet tries the ping that router and
then they there the router ignores it
now if you have normal computers sitting
on your network
normally in order to stop this icmp echo
request you have to install security
software for whatever reason you cannot
just go into windows and say don't
respond to ping request you actually
have to submit a turn on security
software so you know you just pick up a
cafe your vaster whatever else is out
there and that software will turn off
that icmp a request for you then you
know if you if you want to turn off the
the pings that's how you do that
the next thing that the the big thing is
then SNMP the the simple network
management protocol
now with this on all windows computers
you can go in and you can actually turn
the service off so if you turn that
service off an SNMP SNMP will not work
on that computer at all
whatever agents or whatever else is
installed it it just stops working
or you can use the firewall again it
uses UDP port 161 and ports 162
so if you turn on the firewall for that
local computer and and and prohibit
outbound traffic on port 161 and 162
that will stop
SNMP on them from working all so those
are the ways that you can secure your
network but again I think about it a lot
because SNMP is a very very very useful
tool if this is the first you've heard
about it before you go rushing to turn
it off
think about how useful it is a to use
I mean think about being able to get to
to look at any computer on the network
and see what is installed on that
computer see what the hardware on that
computer is be able to get those alerts
I mean that can be very very useful if
you're not using it if you have no
interest in using it you know by all
means and shut it off again with with
that whole ping and the icmp echo
command
be very careful with that because yes if
you turn it off
it makes your network quote unquote more
secure it also makes it a much bigger
pain in the butt to actually try to
administer if something goes wrong so I
would never turn off king
not me I mean maybe I would turn it off
for for for the router to the outside
world but internally inside my network
there there's no way in hell I would
turn paying off but
those are the things that you should
think about for for the security of our
network
so that was a short class
mapping network mapping is an invaluable
tool for IT professionals like I say
especially when you're going into a
brand new network or network you haven't
seen for a while being able to plug in
your little laptop and have it run a
scan of the entire network is just a
great thing whether it gives you just an
overall idea of what's on the network
kind of refreshes your your brain and
what's going on
whether you run it to see what security
problems there are so so you know I talk
about things and people laugh at me for
it but it's true there are there are so
many obsolete computers that people have
not touched in the past five years that
are still running on networks especially
once you start dealing with large
networks networks of a hundred or
thousand users
I can guarantee you there are computers
just puts in a long day after day that
nobody's doing anything with well the
problem is is those computers are then
vulnerable to hackers attacks viruses
etc because it nobody remembers them
that people probably are not updating
them virus updates are happening etc so
these computers maybe just sitting on
the network
chugging along and they're just there is
little hives of virus and hacker
activity by running a scan of the
network you can you can you can figure
out those old obsolete system and rip
them off of the network also like I say
with the SNMP agent sand traps
you can make sure that all of your
computers are up to whatever hardware or
software standards that you require
so you know you you distribute all these
little agents out there and the traps
and you can see what computers have less
than 2 gigs of ram
what computers have have a
a slow processor etc so if you go to
your client or if you go to your boss
you can give them a report and you can
say hey listen out of a hundred
computers we have 10 computers hear that
obviously need upgrades of ram
I guess make sure it makes your life a
lot easier so again this was the class
on network mapping this is an invaluable
thing whatever network mapping software
you decide to use again is entirely up
to you remember the free open source
stuff isn't as good as the expensive
five-thousand-dollar stuff so depending
on the size of your network you know
don't don't always go for the free stuff
if you have a hundred users or a hundred
systems you have a thousand systems by
the expensive software it really really
really will do better for you know all
the software does different stuff with
with SNMP software management software
the the more expensive stuff you buy it
it's really
I swear to god it's really worth the
money so this was a class on network
mapping again i'm eli the computer guy
over here for every man I tea and look
forward to see you at the next class