Hardware Reference
In-Depth Information
You'll get a list of all the computers that are currently running, along with their MAC
address and the hardware manufacturer of their network adapter. On the last line,
you'll find a summary of the total number of IP addresses scanned and how many
of them are alive.
The other functions offered by Nmap can be viewed by starting
nmap
without
arguments. To give you a taste of the powerful techniques available, try the
following series of commands:
pi@raspberrypi ~ $ sudo nmap -sS -sV -sC -O -oX report.xml [target]
pi@raspberrypi ~ $ xsltproc report.xml -o report.html
pi@raspberrypi ~ $ elinks report.html
This
nmap
command might take a while to finish depending on the number of
computers on your network. It launches four different scanning techniques:
-sS
for
port scanning,
-sV
for service version detection,
-sC
for script scan, and
-O
for OS
detection. We've also specified
-oX
to get a detailed report in XML format, which we
then transform to an HTML document, viewable on the console with the Elinks web
browser. Press
Q
to quit Elinks when you're done viewing the report.
Finding out what the other computers
are up to
Now that we have a better idea of the computer behind each IP address, we can
begin to target the network traffic itself as it flows through our network.
For these experiments, we'll be using an application called
Ettercap
. The act of
listening in on network traffic is commonly known as sniffing and there are several
great sniffer applications to choose from. What sets Ettercap apart is its ability to
combine man-in-the-middle attacks with network sniffing and a bunch of other
useful features, making it an excellent tool for network mischief.
