AltSci Concepts

Computer Journal

Network Mapping
by Joel R. Voss aka. Javantea
Nov 11-13, 2005

NetMap2 0.2.2 Source [sig]
NetMap1 0.2.1 Source [sig]


Netmap1 Neg9 Talk
Netmap2 Neg9 Talk
Netmap2 Neg9 Project

The Network Mapping project (also known as Neg9 UW Network Project) plans to develop tools to report on the usage of public networks through active scanning of ports. The first two tools are known as Netmap1, which uses Nmap to discover available hosts and the open ports on those hosts. Netmap1 consists of two tools that can be run as part of a script: parse_ping1.py and parse_port1.py are run by the script scan_full1.sh. The output of the script is a set of XML files and records in a MySQL database.

Since running a MySQL server concurrently while scanning ports is an ironic security vulnerability, the two tools can run without reporting to MySQL and will produce XML files that can be tarred, encrypted, and transported to a secure local network where the data can be imported into the database.


Netmap1 requires Nmap, Python, MySQL for Python, Bash, and a MySQL server.

There is a bug in certain wireless drivers that will result in a full kernel hang when running Nmap in certain configurations used in Netmap1. This is a bug in the wireless driver. Use at your own risk.


Nmap is a very useful program for scanning networks, detecting computers, and finding open ports. But using Nmap on a public network with default options is foolish. For one, it puts a lot of stress on the hosts being scanned. Secondly, it is easily detectable and blockable by system admins. Finally, it is slow when the number of targets is very large (10,000). Netmap1 looks only for the ports that are useful in identification of computers.

The first command used is nmap, which generates an XML file listing which hosts are up and which are down.

nmap -sP -oX ping1.xml --host_timeout 1000 $IP

This command can be run as a user or as root, with different methods for each. Depending on security, it may be advisable to run as root.

I recommend not using the --randomize_hosts option. Although it would be useful, it is broken in the current revision (3.93).

The second command is parse_ping1.py. This parses the output of the previous command and creates a shell file to scan hosts.

python parse_ping1.py ping1.xml port1_

In the script scan_full1.sh, the output of this command is written to a file, which is then executed.

The output of the previous command looks like this.

nmap -sS -P0 -T2 \
-p "21,22,23,25,37,53,80,113,135,139,443,445,\
1025,1433,3306,3389,5800,5900,6000,6881-6889" \
-oX port1_192.168.0.1.xml

The option -sS (Stealth SYN Scan) requires root. If you do not wish to use root, you can use -sT (Connect Scan) instead by modifying the script.

Using -p with the various ports ensures that the command finishes as fast as possible.

The last command simply prints the ports in the XML in case you missed them. If you are using MySQL, it inserts the ports into the database.

python parse_port1.py port1_192.168.0.1.xml

A sample network map database created with Netmap1 can be found here: Netmap1
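
The XML handling that the two parsing steps above depend on, as an added example (this is not the Netmap1 source): it reads Nmap -oX output with Python's standard library and returns the hosts reported up and the ports in state open. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout Nmap writes with -oX; not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/>
  <address addr="192.168.0.1" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    <port protocol="tcp" portid="443"><state state="open"/></port>
    <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
  </ports></host>
<host><status state="down"/><address addr="192.168.0.2" addrtype="ipv4"/></host>
<host><status state="up"/>
  <address addr="00:11:22:33:44:55" addrtype="mac"/>
  <address addr="192.168.0.3" addrtype="ipv4"/>
</host>
</nmaprun>"""

def host_ip(host):
    """Return the host's IP address, skipping MAC <address> entries."""
    for addr in host.findall("address"):
        if addr.get("addrtype") in ("ipv4", "ipv6"):
            return addr.get("addr")
    return None

def hosts_up(xml_text):
    """Ping-scan step: IPs of hosts whose <status> state is 'up'."""
    up = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") == "up" and host_ip(host):
            up.append(host_ip(host))
    return up

def open_ports(xml_text):
    """Port-scan step: map each IP to sorted (port, service) pairs that are open."""
    report = {}
    for host in ET.fromstring(xml_text).findall("host"):
        found = []
        for port in host.findall("ports/port"):
            state, svc = port.find("state"), port.find("service")
            # Filtered and closed ports are skipped; a missing <service> is tolerated.
            if state is not None and state.get("state") == "open":
                name = svc.get("name") if svc is not None else "unknown"
                found.append((int(port.get("portid")), name))
        if found and host_ip(host):
            report[host_ip(host)] = sorted(found)
    return report
```

Hosts that are down, ports reported as filtered, and ports with no service element are the cases the sample exercises.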


Edit scan_full1.sh and run.
More detailed information coming soon.

Modded: 0
by bNxliRWQehZ on 01/02/12
You saved me a lot of hassle just now.
Modded: 0
by wIzuHYBt on 01/03/12
I'm impressed. You've really raised the bar with that.
Modded: 0
by tGWJZsWqBmoLiT on 01/03/12
This info is the cat's pajamas!
Modded: 0
by FMEwxkyABfPY on 01/04/12
If information were soccer, this would be a goooooal!
Modded: 0
by tLmesWkVvDNhjBy on 07/22/12
Yes, I agree the complete syntax is as you say, but if you execute show mac-address on a cisco catalyst, this is what happens: B1-S1#show mac-address Mac Address Table -Vlan Mac Address Type Ports - 1 0060.5cb0.9801 DYNAMIC Fa0/5 B1-S1# For the ARP answer to be right, the mac should be in the management vlan of the switch, and the switch should have an enabled IP address. If these two conditions aren't accomplished, the exhibit would be this one: B1-S1#show mac-address Mac Address Table -Vlan Mac Address Type Ports - 1 0060.5cb0.9801 DYNAMIC Fa0/5 B1-S1# Regards.