Steve Borba

These are my notes; I hope they help you. Feel free to comment on them or add to them.

nmap

ARP scan (host discovery on the directly attached subnet)

# ARP ping sweep of the local /24: -PR sends ARP requests, -sn skips the port scan.
# Needs raw-socket privileges (root/Administrator). On a directly attached Ethernet
# subnet a privileged nmap already uses ARP for discovery by default, so -PR mainly
# states the intent explicitly. 192.0.2.0/24 is documentation space; substitute your LAN.
nmap -PR -sn 192.0.2.0/24
# Same sweep with -n so nmap does no reverse-DNS lookups: faster, and it avoids
# announcing every probed address to the resolver. Without raw-socket privileges
# nmap cannot ARP and falls back to TCP connect probes, which is far noisier.
nmap -n -sn 192.0.2.0/24
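function do-v4arpScan {
  <#
  .SYNOPSIS
    Populate the IPv4 neighbor (ARP) cache for every locally attached subnet and list what was learned.

  .DESCRIPTION
    For each non-loopback IPv4 address whose prefix is shorter than /30, every host address in the
    subnet (network and broadcast addresses excluded) is sent one 1-byte UDP datagram to port 1.
    The datagram itself is irrelevant: sending to an on-link address forces the stack to ARP for it,
    so every host that answers ARP ends up in the neighbor cache, which is then read back with
    Get-NetNeighbor. Because this uses an ordinary UDP socket rather than raw sockets it does not
    need elevated privileges, but it is noisy: one ARP request and one UDP datagram per address.

    Prefixes are enumerated in full. A /16 is ~65k datagrams and a /8 is ~16M, so a warning is
    emitted for anything shorter than /16; expect such a sweep to take a long time.

    The socket is always closed, and a single address that cannot be connected to or sent to is
    logged to the verbose stream and skipped instead of aborting the whole sweep.

  .OUTPUTS
    Objects with IPAddress and LinkLayerAddress properties, one per cache entry with a usable MAC.
  #>
  [CmdletBinding()]
  param()

  # Loopback and /30-or-smaller prefixes (point-to-point style links) are skipped.
  $adapters = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike "127.*" -and $_.PrefixLength -lt 30 }

  $probe = New-Object byte[] 1
  $probe[0] = 1
  $udp = New-Object System.Net.Sockets.UdpClient

  try {
    foreach ($adapter in $adapters) {
      # Host address as a 64-bit integer; int64 avoids the int32/uint32/double mixing
      # that the shift, -bnot and Pow() steps would otherwise produce.
      $bytes = [System.Net.IPAddress]::Parse($adapter.IPAddress).GetAddressBytes()
      [int64]$ipInt = ([int64]$bytes[0] -shl 24) -bor ([int64]$bytes[1] -shl 16) -bor ([int64]$bytes[2] -shl 8) -bor [int64]$bytes[3]

      $hostBits = 32 - [int]$adapter.PrefixLength
      [int64]$subnetSize = [int64]1 -shl $hostBits
      [int64]$networkStart = $ipInt -band (-bnot ($subnetSize - 1))
      [int64]$networkEnd = $networkStart + $subnetSize - 1

      if ($adapter.PrefixLength -lt 16) {
        Write-Warning ("{0}/{1} has {2} host addresses; this sweep will be slow and noisy." -f $adapter.IPAddress, $adapter.PrefixLength, ($subnetSize - 2))
      }

      # Skip the network address ($networkStart) and the broadcast address ($networkEnd).
      for ([int64]$i = $networkStart + 1; $i -lt $networkEnd; $i++) {
        $dotted = '{0}.{1}.{2}.{3}' -f (($i -shr 24) -band 255), (($i -shr 16) -band 255), (($i -shr 8) -band 255), ($i -band 255)
        $target = [System.Net.IPAddress]::Parse($dotted)
        try {
          $udp.Connect($target, 1)
          [void]$udp.Send($probe, $probe.Length)
        } catch {
          # An unroutable/unsendable address must not abort the rest of the sweep.
          Write-Verbose "Probe to $dotted failed: $($_.Exception.Message)"
        }
      }
    }
  } finally {
    # Close() is public on both .NET Framework and .NET Core; on .NET Framework Dispose()
    # is an explicit interface implementation that PowerShell cannot call directly.
    $udp.Close()
  }

  # Give the stack a moment to finish ARP resolution before reading the cache.
  Start-Sleep -Milliseconds 500

  # Drop incomplete entries (all-zero / broadcast / empty MAC). The last MAC was excluded in
  # the original notes - presumably a virtual adapter on the author's machine; adjust for yours.
  $neighbors = Get-NetNeighbor -AddressFamily IPv4 | Where-Object {
    $_.LinkLayerAddress -ne "00-00-00-00-00-00" -and
    $_.LinkLayerAddress -ne "FF-FF-FF-FF-FF-FF" -and
    $_.LinkLayerAddress -ne "" -and
    $_.LinkLayerAddress -ne "02-50-41-00-00-02"
  }
  $neighbors | Select-Object IPAddress, LinkLayerAddress
}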
