Tag Archives: Linux How to

Unix Similar multi-user operating systems based on the Linux kernel and essentially on GNU software. Like CentOS, Debian, Ubuntu Fedora.

Howto Tutorials (EN)

How to scan devices in the IP subnet with Ping

Home
Leave a comment

PingScan – ICMP Ping a Range of IP Addresses and Devices in Network with Linux

If you need to determine which devices are currently connected to the network. There is a simple way using ICMP ping running in a Linux For Loop.

Run the following command using ping in a Linux Bash For Loop

$ for i in $(seq 254); do ping -c1 -W1 10.1.1.$i & done | grep from

The output from this IPv4 example looks like this.

64 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.528 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=4.82 ms
64 bytes from 10.1.1.4: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=6.52 ms
64 bytes from 10.1.1.103: icmp_seq=1 ttl=255 time=0.295 ms
64 bytes from 10.1.1.104: icmp_seq=1 ttl=64 time=0.083 ms
64 bytes from 10.1.1.105: icmp_seq=1 ttl=64 time=0.513 ms
64 bytes from 10.1.1.106: icmp_seq=1 ttl=64 time=1.16 ms
64 bytes from 10.1.1.110: icmp_seq=1 ttl=64 time=0.485 ms

Explanation of ping parameters:

  • -c1 number of ping requests (one ping for each address).
  • -W1 time to wait for response (timeout)..

Linux ICMP Ping to scan IP addresses of devices

Instead of the Class A subnet shown above, any IPv4 class can be used in the loop, whereby after sec the corresponding number of hosts for an range can be inserted, may depending on what kind of netmask is used.

$ for i in $(seq 99 199); do ping -c1 -W1 10.1.1.$i & done | grep from
64 bytes from 10.1.1.103: icmp_seq=1 ttl=64 time=0.521 ms
64 bytes from 10.1.1.104: icmp_seq=1 ttl=255 time=0.474 ms
64 bytes from 10.1.1.105: icmp_seq=1 ttl=64 time=3.36 ms
64 bytes from 10.1.1.106: icmp_seq=1 ttl=64 time=1.37 ms
64 bytes from 10.1.1.110: icmp_seq=1 ttl=64 time=0.645 ms

  Ping sends an ICMP (Internet Control Message Protocol) echo request to a probed interface on the network and then waits for a response. After the initiator run a ping command, a ping signal is sent to a specific address. If the destination host receives the echo request, it responds by sending an echo reply packet. Here in this example ping is used to get the ICMP echo replies for a range of addresses using a For Loop applied.

Another useful alternatives to scan a subnet is to use nmap, but this tool is usually not built-in and must first be installed, if using a Debian GNU/Linux-Distribution then run sudo apt install nmap

nmap is a powerful and versatile tool to check security, but here in order not to leave the context, the command with the effect similar to ICMP echo reply results of ping works like this.

$ nmap -T5 -sP 10.1.1.1-254 | grep scan

Conclusion

This post shows how to scan whole ip subnets or ranges for devices in a simple way. Without additional tools by using the ICMP Ping command. There are certainly many other methods and commands. We limit ourselves to a few but useful examples here, may have inspired you! which of course I’m would be happy about.

How to find IP Hosts in Network using ICMP Ping
How to find IP Hosts in Network using Ping
Howto Tutorials (EN)

How to use policyd-spf with Postfix

Home
Leave a comment

Sender Policy Framework (SPF) is a service deployed to avoid being identified as a spam sender

postfix-policyd-spf is a fully functional engine for SPF verification under Postfix. The daemon includes a variety of mechanisms and policy options to meet a wide variety of system requirements. postfix-policyd-spf-perl was implemented on Perl, further available on Python there is postfix-policyd-spf-python, the Python SPF module (spf) is used. As a Postfix module, it supports RFC 7208 of the Sender Policy Framework (SPF).

How to use policyd-spf with Postfix

Additional information is stored in the DNS (Domain Name System) in the form of an SPF record. This TXT-based SPF record contains specific information about authorized mail servers, Mail Transfer Agent (MTA).

How to install Postfix policyd-spf

The installation on Debian 10 and Debian 11 starts as root as follows:

$ apt install postfix-policyd-spf-python

If the Perl module is preferred, the Perl SPF-Milter can be installed as root as follows.

$ apt install postfix-policyd-spf-perl

Edit Postfix SPF master.cf for policyd-spf

After postfix-policyd-spf-python, or postfix-policyd-spf-perl is installed, we edit the configuration file of the postfix master process.

$ vi /etc/postfix/master.cf

To launch the Postfix statement with the Python SPF policy checker, add the following lines to the end of the master.cf file.

policyd-spf  unix  -       n       n       -       0       spawn
   user=policyd-spf argv=/usr/bin/policyd-spf

Use the SPF policy verification on the Perl implementation is as follows.

policyd-spf  unix  -       n       n       -       0       spawn
   user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl

Save and close the file.

Edit Postfix SPF main.cf for policyd-spf

Next, edit the Postfix main configuration file.

$ vi /etc/postfix/main.cf

Add the following lines to the end of the main.cf file. The first line specifies the timeout setting for the Postfix Policy Agent. The following lines restrict incoming emails by checking the SPF record and rejecting unauthorized emails.

policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf

Note! if check_policy_service is not the last line below the section smtpd_recipient_restrictions, then there must be a comma (,) at the end of the line. No comma on the last entry.

Save and close the file.

  Ensure that the user id policyd-spf exist by run id policyd-spf, if not exist, the system account is created as follows.

$ useradd -r -M policyd-spf -s /usr/sbin/nologin

Then restart the Postfix using systemctl. 

$ systemctl restart postfix

The next time receive an email by a domain with an SPF record in DNS. You can see the results of the SPF verification in the RAW email header. The following header indicates that the sender sent the email from an authorized host.

policyd-spf[733750]: prepend Received-SPF: Pass

The output appers when using the Perl module.

postfix/policy-spf[735983]: Policy action=PREPEND Received-SPF: pass

Verify Python and SPF

When using postfix-policyd-spf-python, Python must be available on the server, as well as the Python SPF module. The verification can be carried out as follows.

$ python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> help('modules')

If Python is installed on the system, the help('modules') command displays multiple modules in columns. The spf and spf_engine module is required. The Python module can be added as follows.

pip install pypolicyd-spf

Verify SPF Record

To verify the SPF TXT Record for a specific domain, run the lookup command out from linux terminal.

$ dig TXT mydomain.net +short
 "v=spf1 a mx ~all"

Using windows then run this command in the command prompt (cmd).

C:\> nslookup -type=TXT mydomain.net
 "v=spf1 a mx ~all"