So I’ve decided that, in order to give myself something to write about, I’ll focus on a series-based approach for my blog entries for now. To kick off the pack, I’m going to tackle BackTrack Linux. BackTrack is a great Linux distro custom built for pentesting. It comes with a huge number of tools that can overwhelm the beginner, but it also serves as a great tool for learning.
One of the first things you should do on a network is map it out and get a feel for the terrain and environment you find yourself in. That means you will need to identify the other computers on the network. BackTrack comes with a great many tools that can do this, but one of the nicest in terms of output formatting and ease of navigation is a tool called ‘netdiscover’.
The thing to keep in mind with netdiscover is that it is not a “silent” tool. It works by sending ARP requests throughout the subnet and waiting to see who replies to those requests. This means that if there is an IDS, or a networking team that tracks network traffic or ARP requests, it will definitely see the activity of the scan. However, on most open wireless networks there is no such alerting or staff, and this tool will make mapping a quick job.
I’ve created a video to show the tool in action, but I will quickly discuss the syntax here:
“netdiscover -i <interface> -r <ip range>”
Say you are on a wireless network and your IP address is 192.168.10.5. Your IP range for your subnet would be 192.168.10.0/24, and for this example we’ll call your wireless interface wlan0. The correct syntax would be: “netdiscover -i wlan0 -r 192.168.10.0/24”
This will then open the tool, scan all the addresses from 192.168.10.1 through 192.168.10.255, and report back any live hosts on the network. My favorite part about this tool is that it will not report your own computer in the list; it will only show you the OTHER systems on the subnet.
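Since a sweep like the one above is exactly what a network team or IDS would notice, here is an added example (my own code, not part of BackTrack or the netdiscover project) of the kind of check that spots it in ARP traffic: a host that asks “who-has” for a large slice of the subnet, where a normal host only resolves a few peers. The log lines are constructed in tcpdump’s ARP output format, and the subnet and the threshold of 16 targets are assumptions you would tune for your own network.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

ARP_REQUEST = re.compile(r"ARP, Request who-has (\S+) tell (\S+),")

# Constructed tcpdump-style lines, not a real capture: 192.168.10.5 asks for
# forty consecutive addresses (what an ARP sweep looks like on the wire),
# while 192.168.10.20 only resolves its gateway.
SAMPLE_ARP_LOG = "\n".join(
    [f"12:00:01.{n:06d} ARP, Request who-has 192.168.10.{n} tell 192.168.10.5, length 28"
     for n in range(1, 41)]
    + [
        "12:00:02.000000 ARP, Request who-has 192.168.10.1 tell 192.168.10.20, length 28",
        "12:00:02.000500 ARP, Reply 192.168.10.1 is-at 00:11:22:33:44:55, length 28",
        "12:00:09.000000 ARP, Request who-has 192.168.10.1 tell 192.168.10.20, length 28",
    ]
)


def arp_targets_by_sender(log_text):
    """Map each requesting IP to the set of distinct addresses it asked for."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = ARP_REQUEST.search(line)
        if m:
            target, sender = m.groups()
            targets[sender].add(ip_address(target))
    return targets


def find_arp_sweeps(log_text, subnet="192.168.10.0/24", min_targets=16):
    """Return {sender: count} for senders that asked for at least min_targets
    different addresses inside `subnet`. Replies and requests for addresses
    outside the subnet are ignored so a busy router does not trip the check."""
    net = ip_network(subnet)
    hits = {}
    for sender, seen in arp_targets_by_sender(log_text).items():
        in_subnet = {t for t in seen if t in net}
        if len(in_subnet) >= min_targets:
            hits[sender] = len(in_subnet)
    return hits


if __name__ == "__main__":
    for sender, count in find_arp_sweeps(SAMPLE_ARP_LOG).items():
        print(f"possible ARP sweep from {sender}: {count} distinct targets")
```

The same function works on the output of `tcpdump -n -l arp` piped in as text, so it can run over a live capture as well as a saved log.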