Wednesday, August 30, 2017

Network Scans using built-in Windows Commands

There are several tools available today for performing active reconnaissance on a network. However, most people don't realize that Windows comes with built-in tools to discover computers and open ports on a network.

Here are three commands that may be useful in your next security assessment.



Ping Sweep

Using the basic Windows command prompt (cmd.exe), the following command does a ping sweep of a specified network IP range and prints only the hosts that answered:
FOR /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply"

Note that find "Reply" also matches the "Reply from <local address>: Destination host unreachable." lines that Windows prints for unreachable addresses on the local subnet; filtering on "TTL=" instead matches only genuine echo replies. Inside a batch file, write %%i instead of %i.
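The same sweep can be done from PowerShell with the .NET Ping class that ships with Windows, which gives a per-host timeout (ping.exe waits up to 4 seconds for each silent host) and returns a status code instead of text to grep. The function below is an added example, not code from the original post; the 10.10.10.x range in the usage line is a constructed sample.

```powershell
# Added example (not from the original post): ping sweep with an explicit
# per-host timeout and structured output.
function Invoke-PingSweep {
    param(
        [Parameter(Mandatory)] [string] $Prefix,   # first three octets, e.g. "10.10.10"
        [int] $Start = 1,
        [int] $End = 254,
        [int] $TimeoutMs = 200                      # ping.exe's default is 4000 ms
    )
    $pinger = New-Object System.Net.NetworkInformation.Ping
    foreach ($octet in $Start..$End) {
        $ip = "$Prefix.$octet"
        try {
            $reply = $pinger.Send($ip, $TimeoutMs)
        } catch {
            continue    # invalid or unresolvable address; skip it
        }
        # Only a real echo reply has Status 'Success'; "Destination host
        # unreachable" comes back as a different status and is dropped here.
        if ($reply.Status -eq 'Success') {
            [pscustomobject]@{
                Address     = $ip
                RoundtripMs = $reply.RoundtripTime
                Ttl         = if ($reply.Options) { $reply.Options.Ttl } else { $null }
            }
        }
    }
    $pinger.Dispose()
}

# Usage (constructed range). Output is objects, so it can be piped further:
# Invoke-PingSweep -Prefix "10.10.10" | Export-Csv live-hosts.csv -NoTypeInformation
```

Because the result is a list of objects rather than console text, it can be sorted, exported, or fed into the port scan in the next section without any string parsing.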



Port Scan

PowerShell ships with all modern versions of Windows. To perform a simple TCP connect scan of ports 1-1024, run the following PowerShell one-liner (the 2>$null at the end discards the connection errors raised for closed ports, so only open ports are printed):
1..1024 | % { echo ((new-object Net.Sockets.TcpClient).Connect("10.10.10.10",$_)) "$_ is open" } 2>$null
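The one-liner above has one practical weakness: TcpClient.Connect blocks for the full operating-system connect timeout (roughly 20 seconds on Windows) on every port that is silently filtered, so a scan against a firewalled host crawls. The function below is an added example, not code from the original post; it uses BeginConnect with a wait handle to enforce a per-port timeout and reports open, closed and filtered separately. The 10.10.10.10 target is the post's sample address reused as a placeholder.

```powershell
# Added example (not from the original post): TCP connect scan with a
# per-port timeout, distinguishing open / closed / filtered.
function Invoke-PortScan {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [int[]] $Ports = (1..1024),
        [int] $TimeoutMs = 300
    )
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state  = 'filtered'    # default: nothing came back inside the timeout
        try {
            $async = $client.BeginConnect($Target, $port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)    # throws on RST (connection refused)
                $state = 'open'
            }
        } catch {
            $state = 'closed'   # the host answered, but with a refusal
        } finally {
            $client.Close()     # also abandons a still-pending connect
        }
        [pscustomobject]@{ Target = $Target; Port = $port; State = $state }
    }
}

# Usage: show only open ports, as the original one-liner does
# Invoke-PortScan -Target 10.10.10.10 -Ports (1..1024) | Where-Object State -eq 'open'
```

Keeping the filtered ports in the output is useful when reviewing your own hosts: a port that shows as filtered rather than closed tells you a host-based firewall rule is in place, which the original one-liner cannot distinguish.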



Packet Sniffer

We often associate tcpdump and Wireshark with packet captures, but Windows ships with its own capture capability in the netsh command.

To start a packet capture of IPv4 traffic, run the following netsh command from an elevated (Administrator) prompt:
netsh trace start capture=yes Ethernet.Type=IPv4

To stop the capture, run:
netsh trace stop

To view the .etl file generated by netsh (written by default to %LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl), download and open Microsoft Message Analyzer.
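Wrapping the start/stop procedure above in a function makes the capture safer to leave running: it checks for elevation first, writes to a known file, caps the trace size so it cannot fill the disk, and stops automatically after a fixed duration. This is an added example, not code from the original post; the C:\Temp path and the 60-second duration are constructed sample values, and the tracefile, maxsize, overwrite and persistent options are standard netsh trace parameters.

```powershell
# Added example (not from the original post): timed netsh packet capture
# with an explicit output file, size cap and post-run check.
function Start-TimedNetshCapture {
    param(
        [string] $TraceFile = 'C:\Temp\NetTrace.etl',   # constructed sample path
        [int] $DurationSeconds = 60,
        [int] $MaxSizeMB = 100
    )
    # netsh trace start fails unless the process is elevated, so check first.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'netsh trace requires an elevated (Administrator) prompt.'
    }

    New-Item -ItemType Directory -Force -Path (Split-Path $TraceFile) | Out-Null

    # Same filter as the post (Ethernet.Type=IPv4), plus a fixed output file,
    # a size cap, and persistent=no so a forgotten capture does not survive
    # a reboot.
    netsh trace start capture=yes Ethernet.Type=IPv4 "tracefile=$TraceFile" `
        "maxsize=$MaxSizeMB" overwrite=yes persistent=no
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

    try {
        Start-Sleep -Seconds $DurationSeconds
    } finally {
        netsh trace stop        # flushes and closes the .etl; this can take a while
    }

    Get-Item $TraceFile         # return the capture file so its size can be checked
}

# Usage (elevated PowerShell): capture 60 s of IPv4 traffic to C:\Temp
# Start-TimedNetshCapture -TraceFile 'C:\Temp\NetTrace.etl' -DurationSeconds 60
```

The try/finally around the sleep matters: if you press Ctrl+C while waiting, the finally block still issues netsh trace stop, so the trace session is not left running in the background.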




References:
  • http://blog.commandlinekungfu.com/2009/03/episode-6-command-line-ping-sweeper.html
  • http://blog.commandlinekungfu.com/2010/04/episode-89-lets-scan-us-some-ports.html
  • https://isc.sans.edu/forums/diary/No+Wireshark+No+TCPDump+No+Problem/19409/