How to assess computers on your local area network

I teach children how to program and do other things with technology in an organisation called Coding Pirates in Denmark, which aims to be a kind of scout movement for geeks. A bestseller among the kids is learning how to hack, and I see this as a unique opportunity to convey some basic human values in relation to something that can be potentially harmful.

Yesterday, one of the kids and I played with nmap, the network surveying tool, to investigate our local area network. The aim was to find information about the computers that were attached, such as operating system, system owner's first name (often part of the computer name) and whether any computer had open server ports (SSH, web etc.). We used nmap in combination with Wireshark.

  1. Tell another person about a fun website (any website will do)
  2. Use Wireshark to detect the IP address of any computer that accesses that website
  3. Use nmap to scan the IP address we found: nmap -vS

We also learned how to detect when someone logs into your computer and, for example, kick that person off (assuming an Ubuntu host):

# Monitor login attempts
tail -f /var/log/auth.log
# See active sessions
# List remote sessions
ps fax | grep 'pts/'
# Kill sessions
kill -9 [pid of bash processes connected to session]
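
Watching auth.log scroll by works for a live demo, but a per-address summary makes it easier to see who logged in and who only tried. The following is an added example, not part of the original post: the function name, the sample host name, users and addresses are all constructed, and it assumes the standard OpenSSH "Accepted ... / Failed ... for USER from IP port N" log lines.

```shell
#!/bin/sh
# Added example. Summarise SSH logins per source address from auth.log-style
# input on stdin. Real use: summarize_ssh_logins < /var/log/auth.log

summarize_ssh_logins() {
    awk '
    /sshd\[[0-9]+\]: (Accepted|Failed) / {
        result = ""; ip = ""; user = ""
        for (i = 1; i <= NF; i++) {
            if (result == "" && ($i == "Accepted" || $i == "Failed"))
                result = $i
            # The user name is chosen by the remote side and may itself
            # contain spaces, so trust only the LAST "from IP port N" group.
            if ($i == "from" && $(i + 2) == "port") {
                user = $(i - 1); ip = $(i + 1)
            }
        }
        if (ip == "") next
        seen[ip] = 1
        if (result == "Accepted") {
            ok[ip]++
            users[ip] = users[ip] (users[ip] ? "," : "") user
        } else {
            bad[ip]++
        }
    }
    END {
        for (ip in seen)
            printf "%s failed=%d accepted=%d users=%s\n", ip, bad[ip], ok[ip], (users[ip] ? users[ip] : "-")
    }' | sort
}

# Constructed sample log lines (not taken from a real system).
sample_auth_log() {
    cat <<'EOF'
Mar 12 18:01:02 laptop sshd[2211]: Failed password for invalid user admin from 192.168.1.23 port 50122 ssh2
Mar 12 18:01:09 laptop sshd[2211]: Failed password for anna from 192.168.1.23 port 50122 ssh2
Mar 12 18:01:15 laptop sshd[2211]: Accepted password for anna from 192.168.1.23 port 50122 ssh2
Mar 12 18:05:40 laptop sshd[2290]: Accepted publickey for anna from 192.168.1.40 port 40022 ssh2: RSA SHA256:EXAMPLE
Mar 12 18:05:40 laptop sshd[2290]: pam_unix(sshd:session): session opened for user anna(uid=1000) by (uid=0)
EOF
}

sample_auth_log | summarize_ssh_logins
```

An address with several failures followed by an accepted login is the pattern worth a closer look before deciding whether to end the session.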

Other tricks

List all hosts (ping scan) on your local area network:

nmap -sP 192.168.1.*

Find computers on your local area network that run an SSH server:

nmap -p 22 --open -sV 192.168.1.*
