Hi. This is Mike Danseglio and today I am going to show you a little bit about network mapping and the approaches you can use within Windows using the built-in Windows tools. Now, the built-in Windows tools, I’ll tell you right up front, are fairly basic, fairly limited. They do not give a great idea of what is on the network. They are a quick and dirty technique that you can use in order to take a very brief look around, but you have to understand some of the limitations and setbacks that are in these tools.
Right here I am showing you the Network and Sharing Center in Windows 7. When I click on See Full Map, Windows will actually go out and enumerate the Network using a bit of a net view, which I will show you in a minute the raw command behind that. Windows takes the information it gets back from that query, puts it on a map in a very rudimentary way, and then it displays on the bottom-left the bits and pieces that it could not quite place within the map. This gives me a really basic, limited view of what is on the network, but it does enumerate a few different hosts so I do know that something is going on. It is not a bad start, but it is certainly not complete.
For a slightly more complete list I can show you that there is actually more of a spreadsheet view that you can look at. It is the same kind of data just with a slightly different vantage point and it shows the IP address for some of the hosts. It shows the MAC address for some of the hosts, shows some of the same hosts and so forth. The interesting thing to notice there is that it is a really incomplete list; there is a bunch of hosts on my network that it’s not listing. You will have to take my word for that, but I have a dozen or so live network hosts going on right now.
Even for those that Windows can find, Windows cannot really display all of the data. It is missing some MAC addresses, it is missing some IP addresses and so forth. The reason it is missing all that is because the underlying technology behind it that I am going to show you right now is just not supplying that data. This technology and this data gathering has been relatively unchanged for the past fifteen years or so.
I am going to bring up a command line interface and I will show you that just typing net view /all on my network displays the Network Neighborhood. That is what it used to be called; these are the hosts that are out there broadcasting. They are saying I have some information or some repository of interest. That is primarily where Windows discovers the hosts that it can enumerate and that it can display for me. Then, if I really want to further examine that network and further build a network map, I could take a look in more detail at one of the hosts (net view \\raid1vault). What will happen here is that it will display for me what is going on in the share, which shares are available, the comments, and so forth. Real basic information, but this is the way we page around with Windows if we are using the core tools.
Another core tool in Windows is nbtstat. I use this to start gathering information about what hosts have been resolved, which hosts are in my NetBIOS cache. I can also take a look at the ARP cache to see which IP addresses have been resolved to physical addresses. Then I have to do extra steps with that. For example, if I have a list of addresses in the ARP table I now need to resolve those to find out what they are. For (the host at 192.168.1.4) I have the MAC address, I have the IP address, and now I finally have the host address.
So this takes quite a while to do manually to assemble all of this data, to cobble it all together and see what is going on. Is this the best way to enumerate a network? Absolutely not. There are a lot of great tools out there, some free, some inexpensive, some very expensive, some widely deployed, some non-widely deployed. However, you should understand what the tools are that are built into Windows so that you can make your own decision about what kind of information you are looking for, what level of simplicity, and then how to make the right decision for yourself.
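The manual steps described in the transcript (read the ARP cache, then resolve each address to a name) can be joined into one inventory table. The script below is an added example, not part of the original video; it uses only the built-in arp and nbtstat commands plus .NET name resolution, and the function names are hypothetical. It assumes English-language command output and is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: join the ARP cache with NetBIOS and DNS lookups into one table.
# Function names are illustrative; only arp, nbtstat and .NET are used.

function Get-ArpEntry {
    # Matches rows such as "  192.168.1.4    00-11-22-33-44-55    dynamic"
    $pattern = '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)'
    foreach ($line in (arp -a)) {
        if ($line -notmatch $pattern) { continue }
        $ip = $Matches[1]; $mac = $Matches[2]; $type = $Matches[3]
        # Broadcast and multicast rows live in the ARP cache but are not hosts
        if ($mac -eq 'ff-ff-ff-ff-ff-ff') { continue }
        if ($ip -match '^(22[4-9]|23\d)\.') { continue }
        New-Object PSObject -Property @{ IP = $ip; MAC = $mac; Type = $type }
    }
}

function Get-NetBiosName([string]$ip) {
    # nbtstat -A asks the host at that IP for its NetBIOS name table;
    # the <00> UNIQUE row carries the computer name
    foreach ($line in (nbtstat -A $ip)) {
        if ($line -match '^\s*(\S+)\s+<00>\s+UNIQUE') { return $Matches[1] }
    }
    return $null   # host did not answer, or does not speak NetBIOS
}

function Get-DnsName([string]$ip) {
    # Name lookup for the address; returns $null when nothing resolves
    try { return [System.Net.Dns]::GetHostEntry($ip).HostName }
    catch { return $null }
}

function Get-LocalNetworkInventory {
    Get-ArpEntry | ForEach-Object {
        New-Object PSObject -Property @{
            IP      = $_.IP
            MAC     = $_.MAC
            Type    = $_.Type
            NetBIOS = Get-NetBiosName $_.IP
            DNS     = Get-DnsName $_.IP
        }
    } | Select-Object IP, MAC, Type, NetBIOS, DNS
}

Get-LocalNetworkInventory | Sort-Object IP | Format-Table -AutoSize
```

The result inherits the limitation the transcript describes: the ARP cache only holds addresses this machine has recently talked to, so hosts it has not contacted are missing, and blank NetBIOS or DNS columns mark hosts that the built-in lookups could not name.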