Disclaimer: This is by no means perfect and could definitely be done with off the shelf tools in a more efficient manner. The idea was to create a semi-automated solution from scratch and not be tool dependent.
Solution
#!/usr/bin/python
# Check a range of IPs to see if any hosts respond to 1 echo request packet
# Created/tested with Python 2.7.3 on Ubuntu 12.04 i686
import sys
import subprocess
import re
ip_sub = "10.0.2."
ip = ""
if len(sys.argv) != 1:
sys.exit('Usage: %s' % sys.argv[0])
def packetLoss():
ip = ip_sub + str(r)
p = subprocess.Popen(['ping -c 1 ' + ip], shell=True, stdout=subprocess.PIPE)
for line in p.stdout.readlines():
searchStr1 = re.search( r'packet loss', line, re.M|re.I)
if searchStr1:
searchStr2 = re.search( r'100\% packet loss', line, re.M|re.I)
if searchStr2:
print " [*] " +ip+ " - Did not respond"
else:
print " [*] " +ip+ " - Responded"
retval = p.wait()
return;
for r in range(10, 17):
packetLoss()
Here's output of the script:
$ python check_subnet.py
[*] 10.0.2.10 - Did not respond
[*] 10.0.2.11 - Did not respond
[*] 10.0.2.12 - Did not respond
[*] 10.0.2.13 - Did not respond
[*] 10.0.2.14 - Did not respond
[*] 10.0.2.15 - Responded
[*] 10.0.2.16 - Did not respond
The main takeaway from this post is to emphasize the need to understand how your tools work. Anybody can use a tool, but an analyst that knows what the tools are doing "under the hood" have a higher probability of success when stressful and inopportune situations arise.
Here's output of the script:
$ python check_subnet.py
[*] 10.0.2.10 - Did not respond
[*] 10.0.2.11 - Did not respond
[*] 10.0.2.12 - Did not respond
[*] 10.0.2.13 - Did not respond
[*] 10.0.2.14 - Did not respond
[*] 10.0.2.15 - Responded
[*] 10.0.2.16 - Did not respond
The main takeaway from this post is to emphasize the need to understand how your tools work. Anybody can use a tool, but an analyst that knows what the tools are doing "under the hood" have a higher probability of success when stressful and inopportune situations arise.
No comments:
Post a Comment