Results 1 to 12 of 12

Thread: fast pinging subnet

  1. #1

    Thread Starter
    PowerPoster
    Join Date
    Dec 2004
    Posts
    25,618

    fast pinging subnet

    i am revisiting this topic as i want to be able to find a list of devices on a network

    i previously used some code posted by olaf schmidt
    http://www.vbforums.com/showthread.p...=1#post4476707

    i had some issue with erratic results as posted
    http://www.vbforums.com/showthread.p...=1#post4583991
    but believe i did have some solution for that at the time, though for some reason i can not find, despite extensive searching on my machine, any previous code from when i was testing

    but the main part of the question is:
    is there any way to get some meaningful description of the devices, either from the ip or mac address, i have tested with ipconfig, nmap, and any other suggestions found on the internet, but so far have nothing that returns anything useful to find what actual device is on a given ip address
    i do my best to test code works before i post it, but sometimes am unable to do so for some reason, and usually say so if this is the case.
    Note code snippets posted are just that and do not include error handling that is required in real world applications, but avoid On Error Resume Next

    dim all variables as required as often i have done so elsewhere in my code but only posted the relevant part

    come back and mark your original post as resolved if your problem is fixed
    pete

  2. #2
    PowerPoster
    Join Date
    Jun 2015
    Posts
    2,229

    Re: fast pinging subnet

    This might help point you in a good direction. http://stackoverflow.com/questions/6...network-device

    basically once you've got an IP you can poke at the ports, and detect what services are running.
    This gives a 'fingerprint' of what kind of a device you're looking at.

    edit: unless you've got a firewall in between - nmap should be pretty good?
    Last edited by DEXWERX; Jan 30th, 2017 at 09:11 AM.

  3. #3
    PowerPoster dilettante's Avatar
    Join Date
    Feb 2006
    Posts
    24,487

    Re: fast pinging subnet

    If you have a specific need there might be some options, but there is no "crystal ball" to magically do "anything you might imagine."

    TCP/IP hosts are not required to expose any particular protocols for random probing. However some of them do have information they are willing to share via different protocols.

    For example most Windows devices supporting "Microsoft Networking" (NetBIOS/NetBT) and those providing clones of the protocol (Samba) will share some info about themselves. If the LAN has a DNS server it might also share information about hosts. Many kinds of devices support UPnP and will share information about themselves. Most LANs have a DHCP server that may share info from its tables, and some SOHO routers will share their DHCP info via UPnP.

    The Windows Shell (Shell32.dll) makes use of UPnP to gather its "Network Neighborhood" information, though it only exposes a few details directly.


    However some random device on a LAN may not support any of these protocols. For example many new consumer IP Cam devices these days do not respond to ICMP pings and have moved their access protocols to non-standard ports for HTTP and other protocols they support, often requiring HTTPS. Commercial products may support a "discovery and identification" protocol under ONVIF but that has security to prevent casual snooping. Too much fear of abuse has developed in society at large for these devices to remain open and accessible.

  4. #4
    Addicted Member
    Join Date
    Feb 2014
    Location
    USA
    Posts
    134

    Re: fast pinging subnet

    Finally, a topic right up my alley! Was excited to see someone else out there interested like myself. Much of what Dex and dilettante said is very true. All these methods need to be used and then some.

    Currently there's no other software in the world that identifies what devices actually are, very well anyway. But I'm involved with a product right now trying to do exactly what you describe, called Slitheris Network Discovery, and it's written 100% in VB Classic! It's only at v1.1, so we have a ways to go before true "device type fingerprints", but I think we'll be able to pull it off. Check it out, it's free for up to 50 network devices and can even estimate age based on just a MAC address. You'll find already it gets a lot more information than any of the free apps like Advanced IP Scanner or Angry IP Scanner. So I think we're on the right track.

    nmap is great, but it's very lacking on the device identification side. For example, point it at a Windows Server with full credentials and it tells you it's a "General Purpose" device, meaning it has no idea. It should be telling you it's a server. Nmap can distinguish some esoteric network devices though using TCP/IP fingerprints. If you're wanting to start from scratch, definitely start with pings (ICMPSendEcho2 or 3 is best) and look at the TTL. If it's 128, you can tell with a high-degree of certainly it's at least a Windows device. Then for devices supporting ARP, you can look in the ARP cache after pinging to find any devices that aren't responding to pings, which is where you'll find the MAC address as well. All devices running IPv4 must respond in that fashion, so no device can hide from ARP. But for subnets without ARP and where a device doesn't respond to ping (such as the Interwebs), we probe individual ports to see if any are responding in order to detect presence. That way we find the most devices possible. It's a little more involved than that, but you get the idea.

    After nailing down actual presence detection, the next step is talking to all the protocols directly. NetBIOS, UPnP, SNMP, SMB, telnet, FTP, SSH, HTTP(S), as many as you can code for. And I don't mean just checking they exist, but also getting pre-authorization info. That's very difficult and time-consuming. Then you have some newer cloud-only network devices without any ports. For example, Amazon Echo's no open or closed ports, so we'll rely on creating a special MAC address database for those. We already have 3 years of research & development invested in this and it's been very tough, but I don't think impossible.

    One of my dreams is creating an online database where you can punch in any MAC address and get a device type and other info for it. I imagine that could be a very popular website.

    EDIT: Forgot to add, don't bother using SendARP mentioned in that post you referenced. Pinging a device on the local subnet will always put that device into the ARP cache. Then use GetIpNetTable() to check if it's there. That's all SendARP really does, except it "blocks" and does it very slowly.
    Last edited by CrazyDude; Jan 30th, 2017 at 01:35 PM. Reason: SendARP mention

  5. #5
    PowerPoster dilettante's Avatar
    Join Date
    Feb 2006
    Posts
    24,487

    Re: fast pinging subnet

    If I recall correctly, many Ethernet adapters will accept a user-defined MAC address. I think I did some work at a site that assigned their own on every PC and Server as a security measure.

  6. #6
    Addicted Member
    Join Date
    Feb 2014
    Location
    USA
    Posts
    134

    Re: fast pinging subnet

    That can be done, though I haven't seen anyone doing that among our users. And since this software is made for users that might have credentialled access to Windows machines, it could check each Ethernet adapter via local API and see the original physical burned-in MAC that can't be changed. Windows 10 also has a built-in anonymous MAC address option. There are millions of MACs that are meant for anonymous use, so we'd at least be able to tell it's anonymous and not give incorrect info, plus there are ports that could override any MAC DB. But again, it's rare and it's not possible with most IoT devices. If this was really a problem, we wouldn't bother, trust me.

  7. #7
    PowerPoster dilettante's Avatar
    Join Date
    Feb 2006
    Posts
    24,487

    Re: fast pinging subnet

    Quote Originally Posted by CrazyDude View Post
    But again, it's rare and it's not possible with most IoT devices.
    Well you can set the MAC on IoT devices based on the ESP8266, at least their WiFi Station MAC. Most of these only use their WiFi AP MAC when reset into configuration mode to expose setup web pages.

    Those are beginning to push the Atmel AVRs (Arduinos, etc.) out of the market, and as the price of the newer ESP32 comes down AVR may be dead.

  8. #8
    Addicted Member
    Join Date
    Feb 2014
    Location
    USA
    Posts
    134

    Re: fast pinging subnet

    Quote Originally Posted by dilettante View Post
    Well you can set the MAC on IoT devices based on the ESP8266, at least their WiFi Station MAC.
    But *again*, it's [exceedingly] rare and it's not possible with *most* IoT devices. Seriously though, it's not a problem. We've gotten scans back from 100's of corporate and enterprise users and hardly any MAC addresses are ever spoofed or changed. Even when one can change the MAC on very few devices, 99.999% of people don't bother. I stand by my statements of using the MAC address for identification of device type being necessary and very useful. Should I assume you don't agree?

  9. #9
    PowerPoster dilettante's Avatar
    Join Date
    Feb 2006
    Posts
    24,487

    Re: fast pinging subnet

    I doubt it does what the OP was after above in any case. But then again we can only guess at what that was since we never got any details.

  10. #10
    Addicted Member
    Join Date
    Feb 2014
    Location
    USA
    Posts
    134

    Re: fast pinging subnet

    Then I must be quite the idiot, because I was responding this part of the OP's post:

    Quote Originally Posted by westconn1 View Post
    but the main part of the question is:
    is there any way to get some meaningful description of the devices, either from the ip or mac address, i have tested with ipconfig, nmap, and any other suggestions found on the internet, but so far have nothing that returns anything useful to find what actual device is on a given ip address
    I talked about how one can go about that and showed actual proof that I was involved in a project trying to do that very thing. And that is "a way to get some meaningful description of the devices, from an ip or mac address".

    How is what I talked about in my posts not what the OP was after? Because if it's not, I should never post. LOL

  11. #11

    Thread Starter
    PowerPoster
    Join Date
    Dec 2004
    Posts
    25,618

    Re: fast pinging subnet

    thnx crazy, sounds like what i am after,

    to clarify what i wanted to achieve (for my own use) was to obtain to obtain the ip address of a specific WAP on the network, so i could change some setting, so i can ping the subnet, to identify all the currently used ipaddress (many of which are statically assigned) i do know the ips of most of the fixed computers, and the address range of the gateway and dhcp pool, which would only leave maybe 30 or so unidentified devices, but i was trying to avoid having to try to load the setup webpage for each of those ip addresses, to try to find the correct WAP

    please note i have already changed the settings for that WAP now, so this would be useful for any future occasion, but is not in any way urgent, some of the networks i work on have wireless links to other locations, makes it hard to go round checking devices for mac addresses, i am not even sure what some of the devices are, having been installed by telephony or other companies, ip phones, music on hold device, solar power monitoring, etc etc

    i doubt that any mac spoofing has been done on these networks, but....

    i will download and look at your software later today
    i do my best to test code works before i post it, but sometimes am unable to do so for some reason, and usually say so if this is the case.
    Note code snippets posted are just that and do not include error handling that is required in real world applications, but avoid On Error Resume Next

    dim all variables as required as often i have done so elsewhere in my code but only posted the relevant part

    come back and mark your original post as resolved if your problem is fixed
    pete

  12. #12
    PowerPoster dilettante's Avatar
    Join Date
    Feb 2006
    Posts
    24,487

    Re: fast pinging subnet

    If you only need limited information from visible devices on your LAN you can get a few things from the Windows Shell. It can take a while to retrieve information if some devices are slow to respond.

    The device you run it on will generally report the IP address of 127.0.0.1 and a bogus MAC address because it can "see" itself without using another adapter.

    Name:  sshotsm.jpg
Views: 175
Size:  22.3 KB

    Code:
    Option Explicit
    
    Private Sub Form_Load()
        Const ssfNETWORK = 18
        Dim RS As ADODB.Recordset
        Dim Folder As Object
        Dim Cols As Long
        Dim ColWidth() As Single
        Dim I As Long
        Dim Value As String
        Dim FolderItem As Object
        Dim TempWidth As Single
    
        Set RS = New ADODB.Recordset
        RS.CursorLocation = adUseClient
        MousePointer = vbHourglass
        Show
        DoEvents
    
        Set Folder = CreateObject("Shell.Application").NameSpace(ssfNETWORK)
        Cols = 10 'A high estimate.
        ReDim ColWidth(Cols - 1)
        Set picFont.Font = HFlexGrid.FontFixed
        With RS
            With .Fields
                For I = 0 To Cols - 1
                    Value = Folder.GetDetailsOf(Folder.Items, I)
                    If Len(Value) Then
                        .Append Value, adVarWChar, 255
                        ColWidth(I) = picFont.TextWidth(Value)
                    Else
                        Exit For
                    End If
                Next
                Cols = I
                ReDim Preserve ColWidth(Cols - 1)
            End With
            .Open
            .Fields("Name").Properties("Optimize") = True
            .Fields("Category").Properties("Optimize") = True
        End With
        Set picFont.Font = HFlexGrid.Font
        With RS
            For Each FolderItem In Folder.Items
                .AddNew
                For I = 0 To Cols - 1
                    Value = Folder.GetDetailsOf(FolderItem, I)
                    .Fields(I).Value = Value
                    TempWidth = picFont.TextWidth(Value)
                    If TempWidth > ColWidth(I) Then ColWidth(I) = TempWidth
                Next
                .Update
            Next
            .Sort = "[Category] ASC, [Name] ASC"
        End With
        With HFlexGrid
            Set .DataSource = RS
            .ColWidth(0) = 240
            For I = 0 To Cols - 1
                .ColWidth(I + 1) = ColWidth(I) + ScaleX(8, vbPixels, ScaleMode)
            Next
        End With
        RS.Close
    
        MousePointer = vbDefault
    End Sub
    
    Private Sub Form_Resize()
        If WindowState <> vbMinimized Then
            HFlexGrid.Move 0, 0, ScaleWidth, ScaleHeight
        End If
    End Sub
    Only tested on Windows 10. If it gives you trouble try commenting out the lines in red above until you have the column names, which you can then plug in. Those may well vary by OS version and probably even by language settings.

    Or skip the sorting. Then you can skip the Recordset entirely and just manually plug things into HFlexGrid.
    Attached Files Attached Files

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width