Layer 2 Config and Analysis

Investigate layer 2 activity on a local network

Basics

See and analyze information from the interfaces

ip addr show     # List all IPs for all interfaces
ip route show    # Show all known routes
ip link set eth0 down    # Disable eth0 interface
ip link set eth0 up      # Enable eth0 interface
ip neigh         # List the ARP table

Make changes to the interfaces

ip addr add 192.168.1.1/24 dev eth0     # Configure an IP address on eth0
ip route add default via 192.168.1.1    # Configure default route

Layer 2 Scanning

Try to find other devices on the local network using ARP scanning and other neat tricks. These generally require sudo because the tools craft raw frames.

sudo arp-scan -I eth0 192.168.0.0/24
sudo netdiscover -r 192.168.0.0/24
sudo nmap -sn 192.168.0.0/24

nbtscan -r 192.168.0.0/24     # Scanning with NetBIOS, more useful inside a domain

alive6 eth0            # Send IPv6 ICMP out an interface

Scapy is another great tool for crafting frames on the wire :) 👷‍♂️
