Mapping a Network
Last updated
Was this helpful?
Last updated
Was this helpful?
Mapping a network involves identifying and visualizing the devices, connections, and topology within a network. This process helps in understanding network structure, optimizing performance, and enhancing security measures.
arp-scan ToolThe Address Resolution Protocol (ARP) is a network protocol used to find the physical address (MAC) of a device from its IP address. It helps devices in a local network communicate with each other.
is a command-line tool used for scanning the local network and displaying a list of active hosts by sending ARP requests.
Fping Toolfping is a command-line network diagnostic tool used for sending ICMP Echo requests to multiple hosts in parallel to check their availability and measure their response times.
Provides you lists of IPs which are connected to the network.
PingPing is a command-line utility used to test the reachability of a host over an Internet Protocol (IP) network by sending an ICMP echo request and waiting for an ICMP echo reply.
Nmap/Zenmap ToolWireshark ToolWireshark is a tool used to analyze and troubleshoot network traffic in real-time. It captures and displays data packets passing through a network interface, allowing users to inspect them for troubleshooting or security analysis purposes.
Filter by IP address: “ip.addr == x.x.x.x", where "x.x.x.x" is the IP address you want to filter
Filter by IP address range: "ip.addr >= x.x.x.x and ip.addr <= y.y.y.y", where "x.x.x.x" and "y.y.y.y" are the start and end IP addresses of the range
Filter by network interface: "interface == eth0" to show only packets captured on the eth0 interface
Filter by port: "tcp.port == 80" or "udp.port == 53", where "80" and "53" are the port numbers you want to filter
Filter by packet length: "frame.len > 100" to show only packets that are longer than 100 bytes
Filter by source or destination MAC address: "eth.src == xx:xx:xx:xx:xx:xx" or "eth.dst == xx:xx:xx:xx:xx:xx", where "xx:xx:xx:xx:xx:xx" is the MAC address you want to filter
Filter by HTTP status code: "http.response.status_code == 200" to show only packets with a status code of 200
Filter by HTTP method: "http.request.method == GET" to show only packets with a GET method. You can substitute GET with other HTTP methods such as POST, PUT, DELETE, etc
Filter by HTTP URI: "http.request.uri contains 'example.com'" to show only packets that have a URI containing "example.com". You can substitute "example.com" with any other URI string
Filter by HTTP response code: "http.response.code == 404" to show only packets with a 404 response code
Filter by HTTP cookie: "http.cookie contains 'sessionid'" to show only packets that contain a cookie with the name "sessionid"
Filter by TCP flags: "tcp.flags.syn == 1" to show only packets with the SYN flag set. You can substitute SYN with any other TCP flag, such as ACK, RST, FIN, URG, or PSH
Filter by packet size: "frame.len > 1000" to show only packets larger than 1000 bytes.
Filter by DNS domain name: "dns.qry.name contains 'example.com'" to show only DNS packets that have a domain name containing "example.com". You can substitute "example.com" with any other domain name
Filter by TLS handshake type: "tls.handshake.type == 1" to show only packets with a TLS handshake type of ClientHello
Hacker's Mantra:At the end of the day, the goals are simple: safety and security. - Jodi Rell
Nmap is a powerful network scanning tool used to discover hosts and services on a computer network. Zenmap serves as its graphical user interface (GUI), offering an intuitive way to visualize and interact with Nmap's scanning and mapping capabilities. Below, we will explore some Nmap flags that can be used for mapping the network or conducting network discovery in the .
