Using "NMAP" for the first time via CLI

mwotim · 2022-02-18 12:29:35

Can someone please explain what the best way is to scan my network?

I don't see anything on my Gnome Network Manager..

I thought it was 73.123.112.0/21 based on something I saw via iproute, this resulted in a 6.5 hour estimated time frame for my first net scan, forcing me to reboot in fear that my isp would get mad.

I also see 73.123.118.150/21(inet) via ip neighbor which result in a rather lengthy scan as well.

I tried this as an unmodified "nmap" command and also using "nmap -sP" - both scans experiencing huge delays, which is odd as I am not having any bandwidth issues for gaming whatsoever.

I watched a youtube video where a guy had a really fast (a fraction of a second?) for these types of scans on his network.

I want to monitor my network using this program.

Slithery · 2022-02-18 12:33:08

Both of those are public networks, each one covering 2048 random hosts on the internet.

What's the output of...

ip a

seth · 2022-02-18 13:41:31

Also

Can someone please explain what the best way is to scan my network?
…
I want to monitor my network using this program.

Which is it?
nmap is a port scanner, tcpdump/wireshark are traffic monitors and netstat/ss allow you to inspect open sockets.
What do you *actually* want to do?

mwotim · 2022-02-18 21:41:32

Slithery, here's what I got from listing all of something using that ip address command (ip a):

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 1c:69:7a:4c:61:05 brd ff:ff:ff:ff:ff:ff
inet 73.123.118.150/21 brd 73.123.119.255 scope global dynamic noprefixroute enp5s0
valid_lft 294361sec preferred_lft 294361sec
inet6 2001:558:6017:171:403c:4570:efe0:cccd/128 scope global dynamic noprefixroute
valid_lft 300307sec preferred_lft 300307sec
inet6 fe80::3000:8d2a:5018:1cdd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether fa:b4:72:70:2a:04 brd ff:ff:ff:ff:ff:ff permaddr 64:bc:58:e5:40:c5

Hello Seth,

I want to do everything you mentioned, I did my first wireshark GUI scan as a USER shortly after posting this, and saved a snapshot in a folder I created on my home directory titled "Wireshark," since I have a lot catching up to do.

Btw, it seems like I have to add myself as a user to a new wireshark group every time I use the GUI or tshark, - or I get error messages, pls advise if this is normal or not.

I just learned of the 'ss' command a few days ago, and reviewed the arch wiki, i find it both useful and convenient to begin an investigation of my network, but really do not have any experience tbh.

Thank you!

Last edited by mwotim (2022-02-18 21:46:45)

seth · 2022-02-18 21:59:30

You're exposing your WAN IP since apparently you're not in a LAN behind a NAT'ing router but directly wired to the modem.
You might want to obfuscate that and also this implies that you do not have "my network" and scanning around in Comcast's segment will get you in trouble w/ them (in doubt they'll restrict your access for suspicious behavior - I guess they won't send a kill team, though)

https://wiki.archlinux.org/title/Wiresh … privileges
It's normal that you have to add yourself to the wireshark group - "every time I use the GUI or tshark" suggests that you might want to re-login.
You're added to a group or you're not, but a running login shell will not capture updates to this.

Slithery · 2022-02-18 22:01:45

How are you connected to the internet?
73.123.118.150 is a public IP which would mean that this is a WAN connection and you don't have a local network.

mwotim · 2022-02-19 09:21:19

Well, it's been over 20 years since I took telecom 101 at NEU as a business major with a temporary minor in computer science.

I have to admit I don't have any basic knowledge of networking lingo.

As this is a private residence, we have a coaxial cable coming out of the wall and directly to a store bought NON-WIFI) router.

Now we want to study our home network without getting into trouble with our isp of course,.

It seems a lot of online teachers skip right over the fundamentals and inadvertently cause confusion for those who clearly do not fully understand the basics

I've learned a lot of hardware and software mechanics recently and want to keep my family safe in the future by mapping our network and learning the basics of network monitoring without using any virtual hosted services.

We had problems with network security and online gaming and decided to learn more about our home network before attempting to setup a router firewall such as pfsense

Our focus at this time is network mapping and monitoring and we became attracted to nmap, wireshark and the Arch Linux CLI.

We want to thank you for your understanding as we continue our journey away from Microsoft permanently, and we appreciate your understanding with all this.

Now, it seems the youtuber failed to explain the basics of what sort of network he was using, causing unnecessary confusion which probably raised some red flags with network security who are probably familiar with people scanning the wrong network for legit reasons, i would hope!

I am sure I am not the first person to scan the wrong network in an attempt to look into their own network.

We may want to eventually set up a LAN vs. a WAN it seems, since we now know we will be using Arch Linux over the long term and are not fully satisfied with the Network Manager provided by the Gnome Desktop community..we have not had much luck finding good information on netctl mentioned by the staff of Quad9 who we use on our web browser.

This means that our online gaming seems to be using the dns provided by our isp, which is a step back from our microsoft network it seems.

I am not sure what the best way is to setup a LAN without having another computer system for the intended pfsense installation.

In the meantime we will move forward with our goal to educate ourselves about networking, how to setup pfsense on a separate piece of hardware, and how to manage our DNS from within a router firewall such as PF Sense somehow, perhaps in coordination with pfblocker-ng

This will have to be done with the sources of iblocklist, since we do not wish to add another penny to a man who insults children on the phone and via email.

But I digress..!

We are now wondering if anyone here has successfully installed PF Sense on a ProtectLi Firewall appliance via the Arch Linux CLI.

And if the Gnome Network Manager can be used to set it up using the dhclient command in particular, pls advise

Last edited by mwotim (2022-02-21 11:25:32)

seth · 2022-02-19 12:27:13

we have a coaxial cable coming out of the wall and directly to a store bought Netgear (NON-WIFI) router.

That may be, but the systems network config doesn't look like anything that is connected to a consumer grade modem/router combo - rather like something connected directly to a modem.
I suggest you forget about nmap, firewalls, your DNS config et al. for the moment.

* what's the exact model of the "store bought Netgear router"?
* is your computer connected to it w/ an rj45 cable (an ethernet cable that will say "cat5 or cat6")?
* if not, what is it connected to?
* if yes, are there more devices connected to that router?

Finally:

now wondering if anyone here has successfully installed PF Sense on a ProtectLi Firewall appliance via the Arch Linux CLI.

Or are you trying to install arch on that thing, to turn it into an external firewall (for waht network?) itself?

mwotim · 2022-02-20 13:49:43

Hi Seth, its the XXX model, bought second hand.

I used the standard yellow ethernet cable to connect it directly to my pc.

Now i've just uncovered a massive spying op (presumably by fbi because my stepmom lied under oath about me having a "mental illness" history that was never documented) having to do with sales of psychotronic bone generators for my computer - as soon as I searched wireshark for "ssh" and began tinkering with the dns settings for wireshark et. al. "preferences," all the ssh activity ceased abruptly and I saw an error message regarding an "interrupted system call" of some sort.

So this explains an earlier post about having an issue playing a popular mmo while setting our firewall to limit ssh traffic.

It's all connected. sorry if i'm a bit off topic but this has been ongoing for many months and they apparently have no goals of stopping despite the fact I am off federal probation in one month for being wrongfully convicted of THOUGHT CRIMEs..!

So if any one on the team of moderators is ever thinking about joining the public sector (i was an intern at the dod in south boston during 911) I strongly suggest they reconsider based on my experience in a mental institution for crimes of thinking in my cell where i was held for over 3 years without a trial - all legal in america!

So one day when the bullets on the resume start producing fruit - remember the name "matt oliver," the man the boston fbi tried to send to prison for life for simply thinking about taking energy from someone's soul using a psychotronic crystal that interfered with there mind control programs of a fake religon from a religous cult that sacrifices babies on an altar while physically harming children as part of a "key to get into heaven!" but i digress!

The external network will have to wait! as this hardline has been spliced multiple times/ways before i was "placed" in this building imo, and during recent "upgrades" to the neighborhood!

So it appears that blizzard, xfinity, the fbi and certain other elements have all been holding their collective breathe for the past year to print another FAKE NEWS story about "matt olliver," a self described "vampire" who says he is "satan," which simply refers to "adversary," according to the daniel BROWN book I read in prison without hope of having the freedom to play popular video games and go to chaturbate for example!!

Hooray!

Last edited by mwotim (2022-02-21 09:35:13)

seth · 2022-02-20 14:12:15

That's a cable modem, nout a router (what fits the output you've posted)

In order to build a LAN you'll need a switch/router combo and I suggest to get one from a store - though you could techincally turn the ProtectLi into such thing, it requires some expertise.
These consumer routers provide some basic shielding because they'll not unconditionally forward incoming traffic to the devices behind and they also come w/ a dhcp server that will distribute LAN IPs to the attached clients and they're typically also what may or not provide WiFI APs.

ewaller · 2022-02-20 15:20:18

mwotim wrote:

Now i've just uncovered a massive spying op (presumably by fbi because my stepmom lied under oath about me having a "mental illness" history that was never documented) ......
......FAKE NEWS story about "matt olliver," a self described "vampire" who says he is "satan," which simply refers to "adversary," according to the daniel BROWN book I read in prison without hope of having the freedom to play popular video games and go to chaturbate for example!!
Hooray!

Dafaq? I hope that is an attempt at joke or that you have been posting while drinking. Either way, it does not belong here. Consider this a warning.

As Seth points out, it is a cable modem, not a router. So you have no local network and your computer is part of the cable companies subnet. And yes, they do monitor it for network discovery activity.

Arch Linux

#1 2022-02-18 12:29:35

Using "NMAP" for the first time via CLI

#2 2022-02-18 12:33:08

Re: Using "NMAP" for the first time via CLI

#3 2022-02-18 13:41:31

Re: Using "NMAP" for the first time via CLI

#4 2022-02-18 21:41:32

Re: Using "NMAP" for the first time via CLI

#5 2022-02-18 21:59:30

Re: Using "NMAP" for the first time via CLI

#6 2022-02-18 22:01:45

Re: Using "NMAP" for the first time via CLI

#7 2022-02-19 09:21:19

Re: Using "NMAP" for the first time via CLI

#8 2022-02-19 12:27:13

Re: Using "NMAP" for the first time via CLI

#9 2022-02-20 13:49:43

Re: Using "NMAP" for the first time via CLI

#10 2022-02-20 14:12:15

Re: Using "NMAP" for the first time via CLI

#11 2022-02-20 15:20:18

Re: Using "NMAP" for the first time via CLI

Board footer