[CUWiN-Dev] intro & network mapping
David Young
dyoung at pobox.com
Sat Feb 25 18:22:45 CST 2006
On Sat, Feb 25, 2006 at 08:16:04AM -0600, T wrote:
> I'm pretty sure I'm actually on this list now so I'm sending my intro again
> below. So I've been poking around the network and I thought it might be
> worth sharing what I've found so far. Under the assumption that all nodes
> will have an IP of 10.0.A.B, I did various kinds of scans of this subnet to
> see who I could find. Once I had a list of nodes (I found 8 at the time,
> including my own), I ran traceroute on each of them to figure out how I was
> connected to them and how long on average it took for each hop. The basic
> network map looked like the following:
>
> 10.0.145.137 (me)
> --10.0.10.176
> ----10.0.237.65
> ----10.0.237.108
> ----10.0.249.238
> ----10.0.237.100
> ------10.0.178.63
> ------10.0.186.29

Hi Tom, and welcome. I am glad you are having fun exploring the network.
Let me tell you a couple of tricks.

You can examine the IPv4 routing table like this:

% netstat -rn -f inet
Routing tables

Internet:
Destination        Gateway            Flags  Refs  Use     Mtu    Interface
default            192.168.0.1        UGS    1     985172  -      sip0
10/16              127.0.0.1          UGRS   0     0       33192  lo0
10.0.10.176        169.254.237.100    UGH1   0     8       -      ath0
10.0.145.137       169.254.237.100    UGH1   0     23      -      ath0
10.0.177.226       169.254.237.106    UGH1   0     4       -      ath0
10.0.178.57        169.254.237.106    UGH1   0     0       -      ath0
10.0.178.63        169.254.178.63     UGH1   0     6696    -      ath0
10.0.186.29/32     link#1             UC     0     0       -      ath0
10.0.237.65        169.254.237.100    UGH1   0     1634    -      ath0
10.0.237.68        169.254.237.106    UGH1   0     97      -      ath0
10.0.237.70        169.254.237.106    UGH1   0     17      -      ath0
10.0.237.100       169.254.237.100    UGH1   0     5178    -      ath0
10.0.237.106       169.254.237.106    UGH1   0     44      -      ath0
10.0.237.108       169.254.237.100    UGH1   0     2565    -      ath0
10.0.249.238       169.254.237.100    UGH1   0     100     -      ath0
*snip snip*

The list of 10/16 destinations in the routing table is about as complete
a list of nodes as you can get. In fact, if a destination in 10/16 is
not in the routing table, you will not be able to "scan" it, because of
the reject rule, above, which I repeat here:

10/16              127.0.0.1          UGRS   0     0       33192  lo0

You can find a bit more information in /var/db/linkstates. The routing
daemon, hslsd, periodically writes all known linkstates (the condition
of router->router links) to that file.

> Hope this makes sense, each "--" is a hop, so for me to get to 10.0.186.29 I
> have to go through 10.0.10.176 and 10.0.237.100. This combined with the
> latency at each hop could be a decent way of mapping the network, however
> the fact that I only found 8 nodes might mean that I'm not "seeing" the
> others in the mesh. I'm going to try some other kinds of scans and see if I
> can find more nodes (nmap rocks :) Any input?

To find nodes on the network, examining the routing table will be faster
and more efficient. You will see entries in the routing table with the
form 10.a.b/24, representing wire LANs on the network, e.g.,

10.176.196/24      link#2             UC     0     0       -      sip0
10.176.216/24      169.254.178.63     UG1    0     0       -      ath0
10.176.224/24      169.254.237.70     UG1    0     0       -      ath0
10.176.252/24      169.254.10.171     UG1    0     0       -      ath0
10.177.16/24       169.254.178.63     UG1    0     0       -      ath0
10.177.40/24       169.254.237.70     UG1    1     130151  -      ath0
10.177.80/24       169.254.237.70     UG1    0     1       -      ath0
10.177.112/24      169.254.178.63     UG1    0     0       -      ath0

Scanning those subnets with nmap will yield a list of users' PCs attached
to the network and turned on. The number of PCs on the network may be
a handy statistic.

Dave
--
David Young OJC Technologies
dyoung at ojctech.com Urbana, IL * (217) 278-3933
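
An added example, not part of the original message or of CUWiN's own code: the routing-table inventory described above, done in Python by parsing `netstat -rn -f inet` output into mesh nodes grouped by next hop plus the 10.a.b/24 LAN prefixes. The sample rows are constructed in the format shown in the message, and the helper names `expand` and `parse` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows, in the format of the netstat output in the message.
SAMPLE = """\
Destination Gateway Flags Refs Use Mtu Interface
default 192.168.0.1 UGS 1 985172 - sip0
10/16 127.0.0.1 UGRS 0 0 33192 lo0
10.0.10.176 169.254.237.100 UGH1 0 8 - ath0
10.0.178.63 169.254.178.63 UGH1 0 6696 - ath0
10.0.186.29/32 link#1 UC 0 0 - ath0
10.0.237.100 169.254.237.100 UGH1 0 5178 - ath0
10.176.196/24 link#2 UC 0 0 - sip0
10.176.216/24 169.254.178.63 UG1 0 0 - ath0
"""

MESH = ipaddress.ip_network("10.0.0.0/16")  # node addresses are 10.0.A.B


def expand(dest):
    """Expand BSD netstat's abbreviated destination (e.g. 10/16) to a network."""
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen and len(octets) != 4:
        raise ValueError(f"no prefix length on {dest!r}")
    octets += ["0"] * (4 - len(octets))  # netstat drops trailing zero octets
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))


def parse(text):
    """Return (mesh nodes grouped by next hop, list of /24 LAN prefixes)."""
    by_gateway, lans = defaultdict(list), []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # banner lines such as "Routing tables"
        dest, gateway, flags = fields[:3]
        try:
            net = expand(dest)
        except ValueError:
            continue  # header row, "default", or other non-address text
        if "R" in flags:
            continue  # reject route: covers all of 10/16, names no node
        if net.prefixlen == 32 and net.subnet_of(MESH):
            by_gateway[gateway].append(str(net.network_address))
        elif net.prefixlen == 24:
            lans.append(str(net))
    return dict(by_gateway), lans


if __name__ == "__main__":
    print(parse(SAMPLE))
```

The `link#1` group holds the local node's own address, since that route points at the interface rather than at a neighbour.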