Managing all the many ins and outs of IP protocols is an important part of managing any IP-based network. To that end, every network administrator who works with IP (and who doesn't nowadays?) should have one or more good IP scanning tools in his or her toolbox. Foundstone -- a well-known information security outfit in its own right, and now a part of McAfee -- offers its outstanding SuperScan v4.0 tool free to users willing to agree with its licensing restrictions. This tool is nicely built, easy to use, and offers lots of interesting functions that network admins everywhere should find informative and useful.
Although some other scanners may do more (for example, the NetScan Pro Tools scanner, part of a for-a-fee IP toolbox, supports more kinds of scans and probes), what this one does, it does very well. What you'll find under its hood is best described in terms of the various tabs that the program interface presents to users:
- Scan: This primary tab drives program activity. You can instruct it to scan a single IP address, or use it to specify one or more ranges of IP addresses to scan (by default it scans them in 254-address blocks, an entirely suitable setting). SuperScan can also write its results to an HTML file which you can rename and save to maintain records of its activities.
- Host and Service Discovery: This secondary tab lets you configure what kinds of host discovery and TCP or UDP port scans the program will perform while scanning. You can ask hosts to respond to an echo request (PING), a time stamp request, an address mask request, or an information request. You can also specify UDP and TCP ports or port ranges to scan. By default, the program scans for common, security-sensitive TCP and UDP ports in the well-known port address (0-1023) and registered port address (1024-49151) ranges, and is pretty darn useful as such.
- Scan Options: This is where you can instruct the software how many host and service discovery passes or hostname lookups to make, and tell the program to grab system banners where available. You can also tell the software not to show systems with no open ports, and instruct it to randomize IP and port scan order (which may be necessary to get past IDS or other security systems that may be in place on some networks).
- Tools: Provides push button access to all kinds of IP commands and utilities, including DNS lookup requests, PING, traceroute, and various HTTP requests, plus access to 5 different Whois services.
- Windows Enumeration: Lets you scan Windows machines within an IP address range to dump NetBIOS name tables, check for NULL sessions, read MAC addresses, elicit workstation type, display user and group information available, plus a whole lot more. For admins who work around Windows servers and desktops this handy collection alone is worth getting to know this tool.
By plugging through the various secondary tabs (all of them except Scan) you configure SuperScan to scan what you need scanned. With all settings in place, you run the software by jumping back to the Scan tab and clicking the "Play" button (a blue right-pointing triangle) at the lower left corner of that pane.
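Seen from the monitoring side, the probes configured on the Host and Service Discovery and Scan Options tabs leave a recognizable footprint. The following is an added example, not part of the original tip or of SuperScan: it counts distinct hosts, ports, and ICMP request types per source, so a randomized scan order does not change the result. The event tuples, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# ICMP request types matching the four host-discovery probes listed above
# (type numbers from RFC 792 and RFC 950).
DISCOVERY_ICMP = {8: "echo", 13: "timestamp", 15: "information", 17: "address-mask"}

# Constructed sample events: (source, destination, protocol, ICMP type or port).
EVENTS = [
    ("10.0.0.50", "10.0.0.2", "icmp", 13),
    ("10.0.0.50", "10.0.0.1", "tcp", 445),
    ("10.0.0.20", "10.0.0.1", "icmp", 8),
    ("10.0.0.50", "10.0.0.3", "icmp", 17),
    ("10.0.0.50", "10.0.0.1", "tcp", 22),
    ("10.0.0.50", "10.0.0.3", "udp", 161),
    ("10.0.0.20", "10.0.0.5", "tcp", 443),
    ("10.0.0.50", "10.0.0.2", "tcp", 3389),
    ("10.0.0.50", "10.0.0.1", "icmp", 8),
    ("10.0.0.1", "10.0.0.50", "icmp", 0),   # echo reply, not a probe
    ("10.0.0.50", "10.0.0.3", "tcp", 80),
]

def summarize(events):
    """Per source: distinct hosts touched, ICMP probe kinds, distinct ports."""
    stats = defaultdict(lambda: {"hosts": set(), "icmp": set(), "ports": set()})
    for src, dst, proto, value in events:
        entry = stats[src]
        if proto == "icmp":
            if value not in DISCOVERY_ICMP:
                continue  # replies and errors are not discovery probes
            entry["icmp"].add(DISCOVERY_ICMP[value])
        else:
            entry["ports"].add((proto, value))
        entry["hosts"].add(dst)
    return stats

def flag_scanners(events, min_hosts=3, min_ports=4):
    """Return {source: [reasons]}; thresholds are illustrative assumptions."""
    flagged = {}
    for src, entry in summarize(events).items():
        reasons = []
        if len(entry["hosts"]) >= min_hosts:
            reasons.append("host sweep")
        if len(entry["ports"]) >= min_ports:
            reasons.append("port sweep")
        rare = sorted(entry["icmp"] - {"echo"})
        if rare:
            reasons.append("non-echo ICMP discovery: " + ", ".join(rare))
        if reasons:
            flagged[src] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_scanners(EVENTS))
```

Timestamp, address mask, and information requests are rare in normal traffic, so their presence from a single source is a useful signal even when the sweep itself is slow or shuffled.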
What SuperScan tells you about the machines it scans is where it really shines. It's as fast as or faster than any other scanner I've used (including netcat, NetScan Tools, and more), and it offers useful information about Windows networks for those who have them.
Grab a copy of SuperScan v4.0 and check it out: you'll probably find yourself using it for real pretty soon!
Ed Tittel is a full-time freelance writer, trainer, and consultant who specializes in matters related to information security, markup languages, and networking technologies. He's a regular contributor to numerous TechTarget Web sites, technology editor for Certification Magazine, and writes an e-mail newsletter for CramSession called "Must Know News."