
Scanning for Responsive Nodes

I want to check which nodes respond to pings (which is allowed), and whether they also respond to SNMP (which they shouldn't).

First I need to see all the nodes responding to pings. The most efficient way is with nmap.

nmap -T5 -sn 192.168.1.0/24

Use grep and awk to print only the IPs, which gives a useful list.

Example:

[user@kvm ~]# nmap -T5 -sn 192.168.xxx.0/24 |grep "Nmap scan report for" |awk '{print $5}'
192.168.xxx.1
192.168.xxx.5
192.168.xxx.7
192.168.xxx.8
192.168.xxx.10
192.168.xxx.21
192.168.xxx.22
192.168.xxx.24
192.168.xxx.25
192.168.xxx.28
192.168.xxx.69
192.168.xxx.79
192.168.xxx.103
192.168.xxx.137
192.168.xxx.199
192.168.xxx.203

Okay, that will work well in an array, where I can check each entry for an SNMP response.

The below just proves the array works. If it does, the output should be the same (one big list):

i=1
# The pipe runs the loop in a subshell, so array[] is only populated inside the loop.
nmap -T5 -sn 192.168.xxx.0/24 |grep "Nmap scan report for" |awk '{print $5}' |while read -r respondingNodes
do array[ $i ]="$respondingNodes"
(( i++ ))
echo "$respondingNodes"
done

Example:

[user@kvm tmp]# nmap -T5 -sn 192.168.xxx.0/24 |grep "Nmap scan report for" |awk '{print $5}' |while read respondingNodes
> do array[ $i ]="$respondingNodes"
> (( i++ ))
> echo $respondingNodes
> done
192.168.xxx.1
192.168.xxx.5
192.168.xxx.7
192.168.xxx.8
192.168.xxx.10
192.168.xxx.21
192.168.xxx.22
192.168.xxx.24
192.168.xxx.25
192.168.xxx.28
192.168.xxx.69
192.168.xxx.79
192.168.xxx.103
192.168.xxx.137
192.168.xxx.199

Next, test whether we get any responses to an snmpwalk of the system table, while also gathering the details of the nodes that respond:

i=1
nmap -T5 -sn 192.168.xxx.0/24 |grep "Nmap scan report for" |awk '{print $5}' |while read -r respondingNodes
do array[ $i ]="$respondingNodes"
(( i++ ))
# Query the system table with the default "public" community; keep only the identifying fields.
snmpwalk -cpublic -v2c "$respondingNodes" system |egrep '(sysContact|sysName|sysLocation|sysUpTimeInstance)'
done

Example:

[user@kvm tmp]# nmap -T5 -sn 192.168.xxx.0/24 |grep "Nmap scan report for" |awk '{print $5}' |while read respondingNodes
> do array[ $i ]="$respondingNodes"
> (( i++ ))
> snmpwalk -cpublic -v2c $respondingNodes system |egrep '(sysContact|sysName|sysLocation|sysUpTimeInstance)'
> done
Timeout: No Response from 192.168.xxx.1
Timeout: No Response from 192.168.xxx.5
Timeout: No Response from 192.168.xxx.7
Timeout: No Response from 192.168.xxx.8
Timeout: No Response from 192.168.xxx.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (21207002) 2 days, 10:54:30.02
SNMPv2-MIB::sysContact.0 = STRING: user <user@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: elastic.example.net
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
Timeout: No Response from 192.168.xxx.22
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (16137668) 1 day, 20:49:36.68
SNMPv2-MIB::sysContact.0 = STRING: user <user@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: elastiflow.example.net
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
Timeout: No Response from 192.168.xxx.25
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (16118916) 1 day, 20:46:29.16
SNMPv2-MIB::sysContact.0 = STRING: user <user@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: Logstash.example.net
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
Timeout: No Response from 192.168.xxx.69
Timeout: No Response from 192.168.xxx.79
Timeout: No Response from 192.168.xxx.103
Timeout: No Response from 192.168.xxx.199
Timeout: No Response from 192.168.xxx.203
Timeout: No Response from 192.168.xxx.225
[user@kvm tmp]#
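In the output above only the timeouts name an IP, so the hosts that should not be answering SNMP are identified only by sysName; and when reverse DNS resolves, nmap prints "name (ip)", so `$5` yields the hostname rather than the address. The following is an added example, not code from the original post, that handles both cases and reports each SNMP responder next to its IP. The function names, the `fake_probe` stand-in and the sample scan text are constructed for illustration; `snmp_probe` assumes net-snmp's `snmpget` is installed.

```bash
#!/bin/sh
# Added example: report which ping-responsive hosts also answer SNMP.

# Extract addresses from `nmap -sn` output on stdin. A resolved host is
# printed as "Nmap scan report for name (ip)", so take the last field and
# strip the parentheses instead of relying on field 5.
live_hosts() {
    awk '/^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip); print ip }'
}

# Default probe: a single GET of sysName.0, 1 s timeout, no retries.
# "public" is the community the post tests; adjust for your environment.
snmp_probe() {
    snmpget -v2c -c public -t 1 -r 0 -Oqv "$1" SNMPv2-MIB::sysName.0 2>/dev/null
}

# Read hosts from stdin (one per line) and print "ip<TAB>sysName" for each
# host that answers. $1 names the probe function (hypothetical hook, so the
# logic can be exercised offline); it defaults to snmp_probe.
snmp_responders() {
    probe=${1:-snmp_probe}
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        # </dev/null keeps the probe from consuming the host list on stdin.
        if name=$("$probe" "$host" </dev/null) && [ -n "$name" ]; then
            printf '%s\t%s\n' "$host" "$name"
        fi
    done
}

# Constructed sample of `nmap -sn` output (documentation address range).
SAMPLE_SCAN='Starting Nmap ( https://nmap.org )
Nmap scan report for 192.0.2.1
Host is up (0.00042s latency).
Nmap scan report for elastic.example.net (192.0.2.21)
Host is up (0.00031s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.10 seconds'

# Constructed stand-in for snmp_probe: only 192.0.2.21 "answers".
fake_probe() { [ "$1" = "192.0.2.21" ] && echo "elastic.example.net"; }

# Offline check:  printf '%s\n' "$SAMPLE_SCAN" | live_hosts | snmp_responders fake_probe
# Live usage:     nmap -sn 192.168.1.0/24 | live_hosts | snmp_responders
```

Any line this prints is a host that violates the "ping yes, SNMP no" policy and needs snmpd disabled, restricted, or firewalled.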

 


*** This is a Security Bloggers Network syndicated blog from Berry Networks authored by David Michael Berry. Read the original post at: https://berry-networks.com/2019/10/17/scanning-for-responsive-nodes/