Network Enumeration

1. Network Interface Configuration

1.1 List Network Interfaces, IP, and DNS

Commands:

To retrieve detailed network interface configuration:

ipconfig /all

Description: Displays full configuration details for all network interfaces, including IP addresses, subnet masks, default gateways, and DNS servers.

Output: A comprehensive list of all network interfaces with their configurations.

For a more structured output in PowerShell:

Get-NetIPConfiguration | Format-Table InterfaceAlias, InterfaceDescription, IPv4Address

Description: Formats IP configuration details, displaying interface alias, description, and IPv4 address.

Output: A table showing IP configuration details for each network interface.

To list DNS servers for IPv4:

Get-DnsClientServerAddress -AddressFamily IPv4 | Format-Table

Description: Displays configured DNS server addresses for IPv4.

Output: A table of DNS server addresses by network interface.

2. Routing Information

2.1 Current Routing Table

Commands:

To view the current routing table:

route print

Description: Displays the routing table with destinations, next hops, and metrics.

Output: A complete view of the routing configuration.

For a structured view in PowerShell:

Get-NetRoute -AddressFamily IPv4 | Format-Table DestinationPrefix, NextHop, RouteMetric, ifIndex

Description: Formats and displays IPv4 routing table entries.

Output: A table listing routing details for IPv4.

3. ARP and Connections

3.1 List ARP Table

Command:

arp -a

Description: Displays the current ARP table, mapping IP addresses to MAC addresses.

Output: A list of IP-to-MAC mappings in the ARP cache.

3.2 List Current Connections

Command:

netstat -ano

Description: Shows all active network connections and listening ports with their associated process IDs (PIDs).

Output: A detailed list of connections, including protocol, local and foreign addresses, connection state, and PID.

4. Network Shares

4.1 List Network Shares

Command:

net share

Description: Lists all shared resources on the local system.

Output: Displays share names, paths, and additional settings.

For domain-specific shares using PowerShell:

Find-DomainShare -ComputerDomain domain.local

Description: Finds shared resources within a specified domain.

Output: Lists domain-specific shared resources.

5. SNMP Configuration

5.1 SNMP Settings

Command:

To check SNMP configuration in the Windows Registry:

reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s

Description: Queries SNMP service settings in the registry.

Output: Displays SNMP configuration, including community strings and permissions.

For a detailed PowerShell view:

Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse

Description: Retrieves all SNMP-related registry keys and values recursively.

Output: A detailed view of SNMP configuration settings.

PreviousUser EnumerationNextAntivirus Enumeration

Last updated