Wednesday, August 30, 2017

Network Scans using built-in Windows Commands

There are several tools available today for performing active reconnaissance on a network. However, most people don't realize that Windows comes with built-in tools to discover computers and open ports on a network.

Here are three (3) commands that may be useful in your next security assessment.

Ping Sweep

Using the basic command prompt in Windows, the following command does a ping sweep of a specified network IP range (10.10.10.1-255 in this example) and prints a line for each host that answers. Note that "Destination host unreachable" responses from your own machine also contain the word "Reply", so filter on "TTL=" instead if you only want genuine replies:
FOR /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply"

Port Scan
PowerShell is shipped with all modern versions of Windows. To perform a simple port scan, use the following PowerShell command, replacing TARGET_HOST with the host to scan (the original used an empty string here, and the error redirection has been corrected to 2>$null, which is the valid PowerShell syntax for discarding connection errors):
1..1024 | % { echo ((new-object Net.Sockets.TcpClient).Connect("TARGET_HOST",$_)) "$_ is open" } 2>$null
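As an added example that is not part of the original post, here are the ping sweep and port scan above rewritten as PowerShell functions. The port scan gains a per-port connect timeout (the one-liner blocks for a long time on filtered ports) and disposes each socket; the function and parameter names are assumptions, not built-in cmdlets.

```powershell
# Added example, not from the original post. Test-TcpPort, Find-LiveHost and their
# parameter names are assumed; the .NET TcpClient and Test-Connection calls are real.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int[]]$Ports = (1..1024),
        [int]$TimeoutMs = 300
    )
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # BeginConnect returns immediately; WaitOne bounds how long we wait
            # for the TCP handshake, so filtered ports cost at most $TimeoutMs.
            $async = $client.BeginConnect($Target, $port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($async)   # throws SocketException if the port is closed
                [pscustomobject]@{ Target = $Target; Port = $port; State = 'Open' }
            }
        } catch {
            # Connection refused or reset: the port is closed, nothing to report.
        } finally {
            $client.Dispose()                # release the socket instead of leaking it
        }
    }
}

# Equivalent of the FOR /L ping sweep, using Test-Connection instead of ping.exe
# so that only hosts that actually reply are returned (no "unreachable" false positives).
function Find-LiveHost {
    param([string]$Prefix = '10.10.10', [int]$Start = 1, [int]$End = 254)
    $Start..$End | ForEach-Object {
        $ip = "$Prefix.$_"
        if (Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue) {
            $ip
        }
    }
}

# Usage: sweep the example range, then check a few common ports on each live host.
Find-LiveHost | ForEach-Object { Test-TcpPort -Target $_ -Ports 22, 80, 443, 3389 }
```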

Packet Sniffer

We often associate tcpdump and Wireshark with packet captures. But Windows ships with its own capture capability in the netsh command.

To start a packet sniffer, type the following netsh command from an elevated (Administrator) prompt, since tracing requires administrative rights:
netsh trace start capture=yes Ethernet.Type=IPv4

To stop the packet sniffer, type the following:
netsh trace stop

To view the .etl file generated by the netsh command, download and open Microsoft Message Analyzer.