Tiny Core Extensions > TCE Talk

Scanning your network for PCs, their services, and IP address conflicts

(1/3) > >>

Rich:
I've just submitted a new extension called rollcall. The info file pretty much sums it up:

--- Code: ---Title: rollcall.tcz
Description: Scans local network for PCs and services.
Version: 0.9
Author: Richard Rost
Original-site: None
Copying-policy: See /usr/local/share/doc/License/rollcall-License.txt
Size: 12K
Extension_by: Rich
Tags: scan local network services
Comments: This program scans all configured network interfaces
and attempts to identify services running on this and any
remote computers. Any duplicate IP and MAC addresses will
be displayed in red. This program must be run as root.

Usage:  rollcall [-v | Services]

Options:
        -v      Show verbose output for all found sevices
listed below
Services:
DHCP NFS SMB SSH FTP PING TELNET HTTP TFTP DNS NTP TSTAMP
Only show verbose output for any of the above services
Services are not case sensitive.

Example: sudo rollcall tstamp http telnet

This extension is PPI compatible.
Change-log: 2019/3/16  Original release
Current: 2019/3/16  Original release
--- End code ---

This is a sample run of the program:

--- Code: ---tc@box:~/findpcs/src/rollcall$ sudo ./rollcall
rollcall version 0.9 Apr 3, 2015
Copyright Richard A. Rost Mar 16 2019 13:37:41

Host Name=box
eth0  IP Address=192.168.1.30  Bcast=192.168.1.255  Mask=255.255.255.0

Scanning from 192.168.1.1 to 192.168.1.254 on eth0
 IP Address        Mac Address     Services
--------------------------------------------------------------------------------
192.168.1.1     00:1f:90:a1:43:18  ARP, DHCP, PING, HTTP, DNS, TSTAMP
192.168.1.3     00:30:1e:8b:a3:38  ARP, PING, TELNET, HTTP
192.168.1.4     04:a1:51:a4:d3:f9  ARP
192.168.1.5     00:1a:a0:0b:e8:0f  ARP
192.168.1.30    00:02:e3:07:6a:d4  ARP, NFS, PING, TSTAMP
192.168.1.45    78:ac:c0:44:28:7b  ARP, NFS, PING, TSTAMP
192.168.1.47    00:0c:6e:74:7c:60  ARP, NFS, PING, TSTAMP
192.168.1.100   00:21:43:01:f7:2b  ARP, PING
192.168.1.101   00:1e:5a:ce:0c:dc  ARP, PING
tc@box:~/findpcs/src/rollcall$
--- End code ---

Here is what happens if there is a duplicate IP address:
eth0  IP Address=192.168.1.30  Bcast=192.168.1.255  Mask=255.255.255.0

Scanning from 192.168.1.1 to 192.168.1.254 on eth0
 IP Address        Mac Address     Services
--------------------------------------------------------------------------------
192.168.1.1     00:1f:90:a1:43:18  ARP, DHCP, PING, HTTP, DNS, TSTAMP
192.168.1.3     00:30:1e:8b:a3:38  ARP, PING, TELNET, HTTP
192.168.1.4     04:a1:51:a4:d3:f9  ARP
192.168.1.5     00:1a:a0:0b:e8:0f  ARP
192.168.1.30    00:02:e3:07:6a:d4  ARP, NFS, PING, TSTAMP
192.168.1.30    00:0c:6e:74:7c:60  ARP
192.168.1.45    78:ac:c0:44:28:7b  ARP, NFS, PING, TSTAMP
192.168.1.100   00:21:43:01:f7:2b  ARP, PING
192.168.1.101   00:1e:5a:ce:0c:dc  ARP, PING
Here is what happens if there is a duplicate MAC address:
eth0  IP Address=192.168.1.30  Bcast=192.168.1.255  Mask=255.255.255.0

Scanning from 192.168.1.1 to 192.168.1.254 on eth0
 IP Address        Mac Address     Services
--------------------------------------------------------------------------------
192.168.1.1     00:1f:90:a1:43:18  ARP, DHCP, PING, HTTP, DNS, TSTAMP
192.168.1.3     00:30:1e:8b:a3:38  ARP, PING, TELNET, HTTP
192.168.1.4     04:a1:51:a4:d3:f9  ARP
192.168.1.5     00:1a:a0:0b:e8:0f  ARP
192.168.1.30    00:02:e3:07:6a:d4  ARP, NFS, PING, TSTAMP
192.168.1.45    78:ac:c0:44:28:7b  ARP, NFS, PING, TSTAMP
192.168.1.47    78:ac:c0:44:28:7b  ARP
192.168.1.100   00:21:43:01:f7:2b  ARP, PING
192.168.1.101   00:1e:5a:ce:0c:dc  ARP, PING
Here is what happens if there are duplicate IP and MAC addresses:
eth0  IP Address=192.168.1.30  Bcast=192.168.1.255  Mask=255.255.255.0

Scanning from 192.168.1.1 to 192.168.1.254 on eth0
 IP Address        Mac Address     Services
--------------------------------------------------------------------------------
192.168.1.1     00:1f:90:a1:43:18  ARP, PING, HTTP, DNS, TSTAMP
192.168.1.3     00:30:1e:8b:a3:38  ARP, PING, TELNET, HTTP
192.168.1.4     04:a1:51:a4:d3:f9  ARP
192.168.1.5     00:1a:a0:0b:e8:0f  ARP
192.168.1.30    00:02:e3:07:6a:d4  ARP, NFS, PING, TSTAMP
192.168.1.30    78:ac:c0:44:28:7b  ARP
192.168.1.45    78:ac:c0:44:28:7b  ARP, NFS, PING, TSTAMP
192.168.1.100   00:21:43:01:f7:2b  ARP, PING
192.168.1.101   00:1e:5a:ce:0c:dc  ARP, PING
Double faults (2 cards with identical MAC and IP addresses) will not be detected. The programs only dependency is
 /lib/libc.so.6  which is part of the base system so it should work on all versions of Tinycore.

coreplayer2:
Good job Rich.
I can’t wait to try


Sent from my iPhone using Tapatalk

Pats:
@Rich ,
Hope your *rollcall will be better than Nmap tool , simple  though not exuastive !
...Best Luck, hope it may evolve into some thing bigger like Acunetix, WireShark etc in future .

... I think , Angry IP scanner and Nessus may be widly used by both small as well as big enterprises like big companies and banks etc.
...Acunetix list is very vast like DNS zone transfer, firewalls, switches and load balancers,  Proxy Servers, SNMP , TLS/SSL  ports,  running services;  routers,  weak passwords and many more. 
Carry-on Rich with good work ! :)

Rich:
Hi Pats

--- Quote from: Pats on March 18, 2019, 07:49:06 AM ---Hope your *rollcall will be better than Nmap tool , simple  though not exuastive ! ...
--- End quote ---
Along with reasonably fast and lightweight, that was the goal. The scans shown each took about 5 seconds. If I change my network
cards mask to 255.255.0.0 It would scan the entire 192.168.x.x range which took about 50 seconds.

Juanito:
posted - thanks

Navigation

[0] Message Index

[#] Next page

Go to full version