 So anyone who has spent any time in IT realizes documentation is important and especially when you take on a new client or a new project or a new job or you're ahead of IT and they go where's all of our devices and you realize no one has documented up until this point or the documentation is just completely wrong and Both of those instances were dealing with very frequently in the IT industry So we took on a new client and there's no documentation, which is not uncommon Often they reach out when they realize the IT guy just didn't know what he was doing and got in over his head I joked around the other day fake it to you make it's a horrible idea in a lot of industries IT is definitely one of them the other ones doctors You don't want to brain surgeon like that either so let's talk about end map and Network discovery now there's some commercial tools out there, and I guess they're cool And whatnot that that find some things and monitor stuff And but I come down to I start with and map all the time. It's free. It's easy to use It's open source. It's very very powerful, but what do you do with all the data? So great it discovered all the things Tom, but let's talk about what to do with it Now I've covered before Other interfaces like zen map which make it easy to get started with end map You know you get a nice interface on top of it to start putting all the data together But when the rubber hits the road You need to create like a spreadsheet and start really putting together, you know all the client stuff and start doing the discovery of Wit what are all the devices now a couple ways you can do this if you're lucky enough to have a pf sense at the head of the Network awesome if you're able to talk to client into installing pf sense at the head of the network also awesome The reason why pf sense has a n-map package standard command line n-map so you can SSH into the pf sense machine And you're attached directly to all the networks because pf sense would be at the head end That allows you to scan all the different segments of network very easily from one central spot And you're gonna dump all that to an XML file and then from there you can use the next tool We're gonna talk about other options are you know dropping off a laptop or something running Linux even a Raspberry Pi Which is pretty you know an expensive low-cost plugged into the client's network Hopefully it's in a spot that has access to the entire network so you can do it on the one trip and And From there you can start great You know use that let it run and create logs now the reason I say drop off as opposed to wait there Maybe you have time to build by the hour when you're there But to really run n-map on a slow comprehensive on a larger network with a few different classes It may take a while it may have a lot of devices you may have to run it more than once because the devices are turning Out off so you can consolidate data However the methodology for for doing this dumping it out to an XML file sometimes does take a little while because well There's a lot of IPs to scan and n-map is has very great options to be very thorough And we're gonna talk about some of the thoroughness of it here by doing my network So here's a quick little tool is an add-on Well Python script so first we're going to use n-map standard That's you know, we're assuming if you're watching this you've already known how to use n-map plenty of tutorials And I have one I'll leave a link below on using the Zen map then we're gonna run this n-map converter This is just an open-source github project link below in the description So we're gonna clone or download it and then you're gonna install it with These couple tools here. So pip install a Python live map Suda pip install X illustrator Just so you know you may get an error depending on your distribution if you try to run pseudo This is the Python installer scripts. Some of them want you to run pseudo some of them. You don't try it That's easy enough to do. So if you get the pseudo error just run it without it and it sometimes For example running pop OS here works fine without running pseudo you get a permissions error if you try to run pseudo with it. So The usage is really straightforward. It's n-map convert dash py and the output file you want So well, let's just close this and show it in action So before the video, I actually ran n-map and this is the command output I ran kind of a basic n-map scan and OX and then Tom underscore office dot XML and Some of the other n-map options to you know, do a nice verbose logging of the 192 163 dot zero slash 24 network That this machine is attached to So pretty straightforward and I already ran this so let's look at the output We have Tom's office dot XML. So let's take a look at that. Well, we'll get it by and Great, it's all kinds of wonderful data and and header outputs and everything else and Certificate information all all this great stuff now one nice thing about n-map is when you run it in XML You get a lot of data So there's plenty in here to pull through lots of great information and that's important So let's make this more readable. Matter of fact, this is why I talked about m-acvert. We're gonna make it to a spreadsheet So the command is pretty straightforward. So the n-map converter tools really easy to run Just a m-map converter dot PY The XML file we happen to call it Tom's office the output file dot XLS. So we call it LTS office So we're gonna head and press enter Simple screen output it's pretty fast depending on the you know size of the file. I have a fast computer here So it has some of things in here. Sometimes it has IP addresses. Sometimes it has names if they had no mains great cool Now we've converted it to an Excel file. So let's go ahead and open up that XLS file now Okay, so the file is produced and now we got to get the file off of here and see what it looks like So here's that file LTS office dot XLS. We're gonna open up in Libre office So we have a summary and we'll expand some of these pages out Here's the summary of this particular scan what was run host up host down based on the total scan of 256 hosts There's the command that was used the version scan type Awesome. Now we have the results file here. We're gonna Move that out like this and let's look at the host file here All right now the OS one I already made too wide. So let me fix that there we go Let's make these a little bit wider And the OS one now we're also gonna go ahead and fix the formatting because I already know If we go through here, some of these kind of wrap around so we're gonna go ahead and reformat this Hit okay Then we can just word wrap and it figures out what things are next thing we're gonna do is we can filter for status I don't care about the down systems. We only want to see the up ones and As you can see we're starting to build a nice little network map of devices Now this is really odd to me And this is where it gets kind of strange It decided that this particular machine is a 40 net. I have no idea why It's not it's running linux and it's running the unify software. So Interesting that it decided it's a 40 net and I did modify this That's not the actual address at the top for those of you running your there's no multiple x's I just took out what the actual address where it goes to But the rest of them it seems to have gotten right linux which kernels on there and things like that now This is also interesting because it recognized some of the virtual interfaces It recognized that these are running linux. These are my ubc cameras different machines on there the eight port switch That's also a unified switch unified cameras and it's out found some printers on there HP embedded We do have some printers on our network This is actually a free bsd virtual machine or jail I should say not really virtual machine and uh, then it found our free bsd Free NAS box, which is running right here And a few other things. So this is pretty cool. Now, let's talk about the results. This is where we're going to filter for status open Hit okay And start finding things now something interesting here and this is that security by Obscurity through security thing that people do by go. I'll just change the port and this is where nmap is very helpful to you We're actually going to talk about The methods and the services that it's running. So let's go filter for services here We're going to turn off the all and filter for this And this is something I wanted to show you because you'll find on some devices And it's reasonably accurate here. You notice not all of these are port 80 When it determines the service to be HTTP or HTTPS It's doing it because of a header check that it got in there. So the header check Is actually because You want to know exactly what it is. So like right here's a sysco config. This one is on port 80, but right here Verrata em web And you can see the device id port 631. That's a printer. Um Yeah, this should be a printer on here, but Now you're getting it even says right here is h e p laser to h e t p config files So this is where nmap becomes really handy nmap is able to start digging in and go What is the actual response on these ports and if you do a full port scan of every single ip on the network It takes a really long time But because it's identifying you can then filter for service and whether or not that Is running in ssl so you can start finding those devices that Especially when previous it people think oh, I'll just hide it on a different port And that'll keep people from finding it or anything like that Well, this is where it gets really handy because now you can start finding all those random ports people did and start Really digging into all the devices and this is really handy Like I said, it puts it all in the spreadsheet for you and allows you to start creating your documentation on there And there's a lot of things you can find you're like why is there a telnet service open Which I know is a printer. It's we have an old hpjet direct and Yeah, I know it could be considered a security risk on this, but this is our Semi public network to have this on but this is going to get you an idea though that it's easy to get started with it None of these tools cost you a dime Just they're great to learn great to program your own network So you can start you know digging into things and figuring out what things are on your network also look at the responses start making little notes in here and Start updating stuff and go. What is this and how does this work? And if you have pfSense that you're head in easy enough to install the nmap package also free You can run this on pfSense and start digging into your own network and finding all the devices And like I said the advantage of running it from pfSense if it's if especially you have multiple networks And pfSense is the head of it It can see all the legs of the network at once and start digging in and finding all those devices But hopefully this was helpful and shows you kind of a neat It's a neat free tool to start doing this, but it's also something we actually use to start Dropping it on clients networks that are undocumented just to find all the things that they have on there Because you never know even though they have dhcp You don't know what got statically assigned in where and this can help sort out all those ip conflicts you start running into When you are going okay. Why is this not assigned dhcp? Why is it in the range and start? Uh bringing all the chaos of taking on a new it position down to a manageable spreadsheet devices and organized Thanks for watching if you like this video go ahead and click the thumbs up Leave us some feedback below to let us know any details What you like and didn't like as well because we love hearing the feedback or if you just want to say thanks Leave a comment If you wanted to be notified of new videos as they come out go ahead and subscribe and the bell icon That lets youtube know that you're interested in notifications. Hopefully they send them As we've learned with youtube anyways If you want to contract us for consulting services You go ahead and hit laurance systems.com and you can reach out to us for all the projects that we can do and help you We work with a lot of small businesses it companies even some large companies And you can farm different workout to us or just hire us as a consultant to help design your network Also, if you want to help the channel in other ways, we have a patreon We have affiliate links. You'll find them in the description You'll also find recommendations to other affiliate links and things you can sign up for on laurance systems.com Once again, thanks for watching and i'll see you in the next video