Once in a while, I get around to running network scans to check which devices are present on my network and which ports they have open. The proliferation of IoT devices in my home, combined with my router's lack of VLAN support, has increased my unease recently.
There are two kinds of scans I often run:
MAC Address scans
All devices on my router have to be manually whitelisted by MAC address before they can connect to the internet or be used internally. There is also a separate network interface for guests, who are barred from the private network.
arp is a handy command that lists the MAC addresses of hosts the machine has recently talked to (its ARP cache), so it covers the current network segment. I use it often for whitelisting and verifying devices.
$ arp -an
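To turn the whitelist into a check rather than a manual comparison, here is an added POSIX sh example (not from the original post) that parses `arp -an` output in the Linux format, normalizes the MAC addresses, and reports any resolved host whose MAC is not in an allowlist. The `arp -an` sample and the allowlist are constructed inline so the script runs offline; on a live host, pass `"$(arp -an)"` and the contents of your own allowlist file instead.

```shell
#!/bin/sh
# Report devices seen by `arp -an` whose MAC is not on the allowlist.

# Constructed sample of Linux `arp -an` output (assumption: this format).
SAMPLE_ARP='? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at AA:BB:CC:DD:EE:01 [ether] on eth0
? (192.168.1.21) at <incomplete> on eth0
? (192.168.1.42) at de:ad:be:ef:00:01 [ether] on eth0'

# Constructed allowlist: one MAC per line, '#' comments allowed.
ALLOWLIST='# router
00:11:22:33:44:55
# laptop
aa:bb:cc:dd:ee:01'

# normalize_mac MAC: lower-case and strip whitespace so that case
# differences between tools do not produce false alarms.
normalize_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' \t'
}

# unknown_devices ARP_OUTPUT ALLOWLIST
# Prints "ip mac" for every resolved entry whose MAC is not allowlisted.
# Entries marked <incomplete> (no ARP reply yet) carry no MAC and are skipped.
unknown_devices() {
    arp_out=$1
    allow=$(printf '%s\n' "$2" | grep -v '^#' | grep -v '^$' | tr 'A-F' 'a-f')
    printf '%s\n' "$arp_out" | while IFS= read -r line; do
        ip=$(printf '%s' "$line" | sed -n 's/.*(\([0-9.]*\)).*/\1/p')
        mac=$(printf '%s' "$line" | sed -n 's/.* at \([0-9A-Fa-f:]\{17\}\).*/\1/p')
        [ -z "$mac" ] && continue
        mac=$(normalize_mac "$mac")
        if ! printf '%s\n' "$allow" | grep -Fqx "$mac"; then
            printf '%s %s\n' "$ip" "$mac"
        fi
    done
}

# With the constructed data, only 192.168.1.42 is reported.
unknown_devices "$SAMPLE_ARP" "$ALLOWLIST"
```

An empty result means every resolved neighbour is on the list; anything printed is a device to look up before (or instead of) whitelisting it.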
nmap network scan
nmap is much more versatile, but also noisier and more verbose, so I use it sparingly. I perform network scans in two modes:
1. Subnet scan
The following command scans the entire /24 of the current subnet. It produces a report of the open ports found on each host (nmap's default port set, its 1,000 most common TCP ports, unless -p is given).
sudo nmap -v -O -sS 192.168.1.0/24
2. Specific IP scan
For a much more detailed scan, I want to inspect a specific IP address: all its open ports, the services running on them and, where possible, the OS as well.
sudo nmap -v -O -A 18.104.22.168
-A enables OS and service/version detection (along with nmap's default scripts and traceroute). Combining this with -T4 allows for faster execution.