I want to use zenmap in Ubuntu 15.10 to do a local scan of all IP addresses, however, when in the network config, I try to set a netmask of 0.0.0.0, it won't accept it. OK, so I thought I could just do 2 scans and put them together, but when I set it to 1.0.0.0 and then come back in, it ends up being changed to 255.0.0.0. So,
I tried to modify /etc/network/interfaces and added the eth0 interface with a netmask of 0.0.0.0. When I restarted networking and ran ifconfig, it ended up giving me 255.255.0.0as the netmask. Surely, there is a way to do a local-only full network scan.
Does anyone know how?
EDIT: What I'm trying to accomplish is to scan my local network for any devices responding to
0.0.0.0-255.255.255.255I suppose I could give my network adapter an address on each 255.0.0.0 segment and just scan them all that way, but I was hoping for an easier solution (and one that would avoid the PC from detecting itself on whatever IP is responds to in each of those 255 subnets). I guess that will be the way.
2 Answers
Your question is not clear on where you're trying to set your netmask. The below will count for both ZenMap scan parameters and your system.
Your System
0.0.0.0 isn't a valid netmask for a local IP address. The IPv4 private spaces are (in CIDR notation, thanks to ARIN:
10.0.0.0/8(aka10.0.0.0/255.0.0.0) IP addresses:10.0.0.0 - 10.255.255.255.172.16.0.0/12(aka172.16.0.0/255.240.0.0) IP addresses:172.16.0.0 - 172.31.255.255192.168.0.0/16(aka192.168.0.0/255.255.0.0) IP addresses:192.168.0.0 – 192.168.255.255
Either use one of these, or use the one actually assigned to the network you're on. Netmask 0.0.0.0 is not safe to use with a system IP address netmask, nor will it actually work as you think it will. It's also not really a 'valid' netmask, it's a 'special' one that isn't really usable in addressing...
ZenMap Scanning Parameters of Netmask to scan for
The net mask 0.0.0.0 (in CIDR, /0) denotes "Every address to exist in all the universe" which is an invalid netmask for a specific IP range - you typically only see this with the IP address of 0.0.0.0, which with CIDR is 0.0.0.0/0 denotiong the entirety of the Internet.
If you are trying to scan all local IP addresses, you're going to be working within the confines of your network. The first place to start is by determining the netmask for your private network segment (in a home router, probably 192.168.1.0/24 which indicates only the last octet changes).
Some other common 'private IP space' scans I've used, from 'fastest' to 'most evil':
192.168.1.0/24- scans192.168.1.0through.255- Fairly fast, < 10 minutes with small networks, for me.192.168.0.0/16- scans the entire 192.168.* range (which is the entire IP range for this set of private IP groups) - Takes a long time to complete172.16.0.0/12- scans the entire range of172.16.0.0through172.31.255.255(which is the entire IP range for this set of private IP groups) - takes a VERY long time to complete10.0.0.0/8- scans the entire range of10.0.0.0through10.255.255.255(which is the entire IP range for this set of private IP groups) - takes an EXTREMELY long time to complete.
Ideally, though, you know the address space you're scanning, and the exact netmask you want to be using. Most home-grade private networks are 192.168.x.*, where x denotes a specific octet, such as 100, and * denotes any other address in the final octet. You also typically see common home networks with a CIDR of /24 (old style netmask of 255.255.255.0) on these nets.
ZenMap tl;dr: Don't use 0.0.0.0 or /0 for your netmask/CIDR amount. Either use the CIDR/netmask for the private IP space you're focusing on in its entirety, or use the netmask that you know the network is using. (DO NOT use 0.0.0.0, you'll end up scanning the Internet!)
After all of my research, Ubuntu won't allow a netmask of anything larger than 255.0.0.0, and I couldn't find a way to trick it out of this (although it seems trivial that it shouldn't allow it), so I wrote a small script to change my IP address (starting at 1.0.0.0, then 2.0.0.0... all the way through 255.0.0.0), reset networking, run nmap from the command line and compile all of the results.
The result is a list of all IPs that are "taken" by devices on my network - exactly what I was looking for. I found a few devices out there that I was looking for and a couple I wasn't.
As mentioned, this is not a method for detecting rogue devices, in the security sense (that was not my objective) so it should not be treated as such for anyone stumbling upon this.
Anyway, I answered my own question and didn't want to be "that guy" so I'm following back up.
Cheers!