{"id":96,"date":"2010-01-29T09:48:21","date_gmt":"2010-01-29T16:48:21","guid":{"rendered":"http:\/\/www.imaginarybillboards.com\/?p=96"},"modified":"2010-01-29T12:15:29","modified_gmt":"2010-01-29T19:15:29","slug":"new-network-how-i-find-out-whats-there","status":"publish","type":"post","link":"http:\/\/www.imaginarybillboards.com\/?p=96","title":{"rendered":"New network – How I find out what’s there"},"content":{"rendered":"
I switched jobs recently to become sysadmin of a fairly small company. I think job #1 is to figure out just what is on your new network. It’s kind of important. This is the dumb little perl script I re-write every time I go someplace new because frankly – it’s fun!<\/p>\n
#!\/usr\/bin\/perl\r\nuse warnings;\r\nuse strict;\r\n#this should be run as root, otherwise nmap will probably yell at you\r\n\r\nmy $net=shift || usage();\r\n#the lazy, lazy regex to get the subnet you're working on...\r\n#anchored to a full dotted quad so nothing else ends up in the backtick commands below\r\n$net=~s\/^(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.)\\d{1,3}$\/$1\/ || usage();\r\n\r\nforeach my $end(0..255)\r\n{\r\n my $ip =\"$net$end\";\r\n my ($fwd,$rev,$ud,$os) = (\"unknown\")x4;\r\n my $nmap =`nmap -v -O -sT $ip`; #save for later\r\n my @nmap =split(\"\\n\",$nmap);\r\n\r\n #get forward and reverse DNS\r\n chomp(my $host =`host $ip`);\r\n if($host!~m\/NXDOMAIN\/)\r\n {\r\n $fwd=(split(\" \",$host))[-1];\r\n #the name comes from DNS, so check it before handing it to the shell\r\n if($fwd=~m\/^[A-Za-z0-9][A-Za-z0-9._-]*$\/)\r\n {\r\n chomp($rev=`host $fwd`);\r\n $rev=(split(\" \",$rev))[-1];\r\n $rev= \"\" unless $ip ne $rev; #only display if it doesn't equal the original ip\r\n }\r\n }\r\n\r\n $ud = $nmap=~m\/Host seems down\/?'Down':'Up';\r\n #get the o\/s\r\n $os=(grep(\/Running\/,@nmap))[0] || '';\r\n if($os)\r\n {\r\n $os=~s\/Running: \/\/;\r\n $os=substr $os,0,25;\r\n }\r\n $fwd=substr $fwd,0,40;\r\n printf \"%-16s%-5s%-28s%-43s%-20s\\n\",$ip,$ud,$os,$fwd,$rev;\r\n}\r\nsub usage\r\n{\r\n print \"usage: $0 ex: $0 192.168.0.0\\n\";\r\n exit();\r\n}<\/pre>\nExample output:<\/p>\n
monitor:~ imaginarybillboards$ sudo perl Documents\/check_network.pl 192.168.2.0\r\n192.168.2.0 Down unknown unknown\r\n192.168.2.1 Up SonicWALL SonicOS 3.X firewall.private.blah.com.\r\n192.168.2.2 Down switch.private.blah.com.\r\n192.168.2.3 Up Cisco IOS 12.X ck-sw0.private.blah.com.\r\n192.168.2.4 Down unknown unknown\r\n192.168.2.5 Down unknown unknown<\/pre>\nAnd without down hosts (a little more directly useful, perhaps):<\/p>\n
monitor:~ imaginarybillboards$ sudo perl Documents\/check_network.pl 192.168.2.0 | grep -v Down\r\n192.168.2.102 Up Apple Mac OS X 10.5.X monitor.private.blah.com. 192.168.2.105\r\n192.168.2.103 Up Linux 2.6.X cartman.private.blah.com.\r\n192.168.2.104 Up Linux 2.6.X kenny.private.blah.com.\r\n192.168.2.105 Up Apple Mac OS X 10.5.X monitor.private.blah.com.\r\n192.168.2.107 Up Microsoft Windows XP unknown unknown\r\n192.168.2.108 Up Apple iPhone OS 1.X|2.X|3 unknown unknown\r\n192.168.2.110 Up Apple Mac OS X 10.5.X unknown unknown\r\n192.168.2.112 Up Apple Mac OS X 10.5.X unknown unknown<\/pre>\nObviously, I have a bit of work to do with that monitor DNS. This gives me a decent idea of what's around. Servers and desktops (and iPhones, apparently) are all mixed on the same network.<\/p>\n
Also, once I've (re-)written this, I put it into a cron job so I can keep a running track of what's going on. Disk space is cheap, and it can't hurt anything.<\/p>\n
crontab -l\r\n0 2 * * * \/bin\/bash -login -c 'perl \/Users\/chriskaufmann\/Documents\/check_network.pl 192.168.200.0 > \\\r\n \/Users\/chriskaufmann\/Documents\/NetworkReports\/`date +\\%y-\\%m-\\%d`'<\/pre>\nAnd then you can just diff them to see when something came onto the network.<\/p>\n","protected":false},"excerpt":{"rendered":"
I switched jobs recently to become sysadmin of a fairly small company. I think job #1 is to figure out just what is on your new network. It’s kind of important. This is the dumb little perl script I re-write every time I go someplace new because frankly – it’s fun!<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15,6],"tags":[10,33],"_links":{"self":[{"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=\/wp\/v2\/posts\/96"}],"collection":[{"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=96"}],"version-history":[{"count":6,"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=\/wp\/v2\/posts\/96\/revisions"}],"predecessor-version":[{"id":101,"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=\/wp\/v2\/posts\/96\/revisions\/101"}],"wp:attachment":[{"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=96"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=96"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.imaginarybillboards.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=96"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}