One of the big challenges we have when we're looking at a network is we need to know what is in this network. Now in other episodes, we talked about tools, like for example, netstat, which allow us to know what's happening on an individual host, our local host. But what if you have a whole bunch of computers, there's a zillion scenarios within the IT security world where you want to be sitting at one computer, and you want to start checking out other computers. Now, when I'm talking about checking out other computers, we're talking about using powerful tools that will query not just one system, but all the systems within a certain say network ID to determine what is going on. So I call these in general, network scanners, but they go by a lot of other names as well. Port scanners, is another name you hear quite a bit.
The bottom line is, is that on security, plus, you're going to be running into certain tools that will go out and sniff a network, and that's what I want to talk about right now. Now the first one I want to talk about is Probably the most famous called n map. And map is a powerful powerful tool is used for inventory of networks. It's used for looking for bad guys. It's used for all kinds of stuff. But it's not the easiest one in the world to use.
However, I'm not too bad at it. So let's take a moment use it. Now I need to warn you. And map is more commonly used in Linux systems. But I'm a Windows guy. So I've got it running right here.
So anybody out there who likes Linux, don't yell at me. Alright, so here I am in a command prompt, I've got an Nmap installed. So there's a lot of different ways to run an Nmap. So the first thing I'm going to do is I'm going to just check out the network around me. So I'm going to type in map, give me lots of verbose information, and then do what's known as a ping scan. And then I'm going to give it a network to check out which is the local network for this right here.
And let's see what happens when I run this now. It's going to be taking a minute. So that's the one downside end map. And sometimes you gotta sit around and wait a little bit. Yeah, okay, so we got a ton of output here. Let me scroll up to the top so we can see this.
So basically, what I've asked in map to do is I said, Look out on the entire 192 168 four with a wack 24 subnet mask. And just give me a quick idea of what's out there. I'm not asking for much information. So let's pick individual ones. So you'll see it just starts at zero and goes all the way through. And here at found like, this is my router.
These are some more unused IP addresses. And as we go through, you'll notice what it's doing is it's giving me an idea of how many up and live systems are out there. Right this very moment. So there's a lot of computers on my little network, no big surprise there. Now in map doesn't stop there, we can actually go a lot deeper. Now one of the things I want to do this time is I'm going to run in map again this time.
But this time, instead of just looking on my own little local network, I'm actually going to go to a very specific computer out on the internet. That map has been nice enough to set up for us to play with. And it's the infamous Nmap scan me computer. So let me type this in real quick. So you type in map again, I want verbose output. This time I'm saying I want to know what the operating systems are.
And we're going to let this puppy go. Now in this particular case, we're not scanning the entire network, I'm actually trying to zero in on one very specific computer. So let's see what it came up with. All right, fantastic. So let's take a look at what's happening on just this one little machine. Now, if you think about this, they're going to put some fun stuff for us to find here.
All right, first of all, here's all the different types of work it's trying to do. But here's what I'm interested in. I know Notice that Port 22 is open. So it's an SSH server, I see that Port 80 is open. So I know automatically, that's a web server. And then Port 9929, which is a non standard port number is also available.
And I can go ahead and start doing stuff with this. So that's one of the most important aspects to end map is that end map by itself doesn't hack anything. What in map allows me to do is to go in query a system, and then I can start doing stuff. If I know that Port 22 is open, I might turn to some SSH attack tools to try to break into the system via SSH. If I'm just a network administrator, and all of a sudden I see one of my servers is running SSH, I might be making some phone calls to shut that port off. So when we're talking about a tool, like Ed map, keep in mind, different scenarios require different actions.
But this is actually pretty cool because not only that, it not only does it show that it's SSH, here's my SSH keys that are involved with that particular one. And I got some other like, I know this is a Windows machine because I see it's running 135 139 445. And then it gives me a little trace route. So I know the process I went through to get to that particular system. So here's just one example of how n map can really be handy. Now, I like in that quite a bit.
It is on every time you come up and say hi to me, I'm going to have a thumb drive on me. And on that thumb drive is going to be n map. But one of the downsides to in map is that it's a little hard to read as like this. So there's a wonderful tool that comes with an map called Zen map. And all Zen map is is a graphical user interface and overlay that runs on top of map so let's fire him up. Okay, so welcome to Zen map.
Now one of the things you're going to learn about Zen map is that you basically just as you saw me type in those strange commands at the command prompt. You're really doing the same thing. It just organizes that a little bit better. So let's go ahead and have him do so he has all these pre made scans, I'm going to do what's called a ping scan, which is not super aggressive. Now while this guy scanning, there's a couple of things I need to warn you about any decent intrusion detection system, either host based or network base is going to go bananas if you start running scans like this onto a network, so be warned. If you in the office, you know key I'm going to try and map you may end up getting a phone call.
Okay, so we've got some output here. So now we can see we've got a whole bunch of systems on this network. I want to keep that a little bit close because I don't want you guys seeing exactly my DNS names on everything. But the bottom line is, is I got tons and tons of systems. It's a little bit easier to use than running in map from a command prompt, because I can click around a little bit. It also has some handy tools.
For example, a topology tool He's a little bit of a challenge to work, but we can make him work. Let me zoom in a little bit. And all this is doing is representing all the different systems on this individual land. So it's kind of pretty in the way that it just shows all this stuff. Let me scroll in a little more. See if I can get this fisheye to bring up a little bit more, he's not gonna play, that's okay.
And I can actually click on individual systems, and I can do whatever research I need to do on it, whatever reports and at whatever that was a bad example. But I can go through and look at all these individual systems and figure out what's going on. Let's see if this one a little bit more interesting. There we go. So on that one particular system, which happens to be my router, I can get whatever information is going on on that particular system. So Zen map is just a semi graphical end map, and it is an incredibly powerful tool.
Now in map is great, but it's not that The only one out there. In fact, there's a lot of really wonderful, absolutely free tools out there. And I'm going to show you one real quick, let me close him out. And what I have here is a wonderful free tool called Advanced port scanner. This is completely free, it works fantastic. And it's kind of doing the same job that we saw with em map, or at least the Zen map interface, you can see that I've told it to scan everything from 192 168, four dot one to 192 168, four dot 254.
And this guy right here gives me all kinds of information. For example, I can click on a particular system, I can see what ports are open on this. I can run tools, there's I could run an SSH against it. Let's see if that actually works. So I can connect into something if I want to. But the bottom line is, is that I know all the different systems that are on the network, and I also can tell what ports are open.
So that's really Really what these type of network scanners can do. So when you're using network scanners, keep in mind, there's going to be three big areas where you're going to be using them. Number one, you're looking for open ports, maybe not necessarily on one machine, maybe you are. But these types of tools tell you all the open ports on all the different systems on your network. And then you can decide to do if you're doing a vulnerability assessment, well, maybe you can use that as a way to attack a system. If you're a network administrator, and you're trying to stop these guys.
This is where you can then go over to that system and turn off whatever open ports are running. The other big thing that makes these incredibly popular is network inventory. It shocks us how many times we don't know what's on our own networks. Now, I'm not talking about individual desktops and things like that. But people bringing in smartphones and people plugging in their own little laptops or anything like that tools like this will find them. It's got to have an IP address to be on the network, and they'll help you with it.
The last thing you want to ask Count four is what I call rogue systems. A rogue system is generally any system that really shouldn't be on the network. That doesn't always mean evil. For example, it's really common for people to bring in an extra system and they plug it in, it's just their home system. And that could cause problems in terms of does that system have good anti malware or whatever it might be. So, when you're thinking about these tools, keep in mind those different types of scenarios.