% just run: pdflatex bscan.tex

% Choose the document class options depending on whether the engine defines
% \pdfoutput. If it is undefined, the plain article class is loaded; otherwise
% the pdftex driver option is passed globally and the PDF stream compression
% level is set to 9, the highest value.
% NOTE(review): current TeX distributions define \pdfoutput even when
% producing DVI, so this test may always take the PDF branch -- confirm, or
% use the ifpdf package for the test instead.
\ifx\pdfoutput\undefined
\documentclass[11pt,a4paper,twoside]{article}
\else
\documentclass[pdftex,11pt,a4paper,twoside]{article}
\pdfcompresslevel=9
\fi

% Same engine test again: hyperref is loaded only in the PDF branch, with
% coloured links (colorlinks) and hyperlinked index entries (hyperindex).
% \pdfBorderAttrs is defined as a /Border entry with all three values zero;
% presumably this is meant to suppress link borders. Nothing in the visible
% part of this file uses the macro -- verify that hyperref still reads it.
% NOTE(review): hyperref is loaded before fancyhdr here; it is normally
% loaded last -- confirm the order is intentional.
\ifx\pdfoutput\undefined
\else
\RequirePackage[colorlinks,hyperindex]{hyperref}
\def\pdfBorderAttrs{/Border [0 0 0] }
\fi

% Page headers and footers via fancyhdr, laid out for the twoside class option.
\usepackage{fancyhdr}
\pagestyle{fancy}
% Disabled mark redefinitions, kept for reference.
%\renewcommand{\chaptermark}[1]{\markboth{#1}{}}
%\renewcommand{\sectionmark}[1]{\markright{\thesection\ #1}}
% Clear every header and footer field before setting the ones we want.
\fancyhf{}
% Bold page number on the outer edge: left on even pages, right on odd pages.
\fancyhead[LE,RO]{\bfseries\thepage}
% Bold \rightmark on the left of odd pages, bold \leftmark on the right of
% even pages (the inner edge in both cases).
\fancyhead[LO]{\bfseries\rightmark}
\fancyhead[RE]{\bfseries\leftmark}
% A 0.5pt rule under the header, no rule above the footer.
\renewcommand{\headrulewidth}{0.5pt}
\renewcommand{\footrulewidth}{0pt}
% Grow the header height by the same 0.5pt as the head rule width.
\addtolength{\headheight}{0.5pt}
% Redefine the "plain" page style with an empty header and no header rule.
% The trailing % signs keep the line ends from adding spaces to the definition.
\fancypagestyle{plain}{%
    \fancyhead{}%
    \renewcommand{\headrulewidth}{0pt}%
}

\begin{document}

\title{b-scan manual}
\author{b-scan team}
\maketitle
\begin{center}
version 0.0
\end{center}

\tableofcontents


\section{Introduction}
B-scan is a network scan program. It probes a number of hosts for certain
properties and evaluates the responses, saving interesting data in an
easy-to-understand output format. In contrast to most other network scanning
programs, b-scan aims at being the best in both stability and speed. There are,
however, very popular programs that are neither stable nor fast, but have
dozens of useless options you will not find in b-scan.

\section{How b-scan works}

\section{The network layout}
% include graphic how b-scan sees the network

\subsection{Setting up a proper host environment}
\subsection{Common problems}
\subsubsection{MAC address}
If bscan complains about `{\tt arp}' not being found, you have to
include the path to `{\tt arp}' in the {\tt PATH} variable. Often it is
found in {\tt /usr/sbin} or {\tt /sbin}, so a simple
`{\tt export PATH=\$PATH:/sbin:/usr/sbin}' before bscan is started will
solve this issue.

If it still does not work, check whether bscan's ARP daemon is running
properly and shows up in {\tt ps}. Then proceed by {\tt ping}ing the source
IP you have chosen and afterwards do an `{\tt arp -n}' to see whether the
correct MAC address shows up with the source IP. If it does not show
up, you may have a device problem or another host in your LAN is using the
assigned IP.

\section{Options}
\subsection{Target}
\subsubsection{Random mode}
Using the random mode you can scan random IP addresses for statistical
purposes. It is not recommended to use the random mode to scan complete
networks; the spread mode fits better there, since it takes care of
target-network routers and their load. However, if you want to extrapolate
statistically correct data from randomly scanned hosts, this mode is the
right choice. It filters nonsense, reserved, private and multicast addresses
from the random ones and feeds the remaining ones into the scanner. You can
specify a counter which will stop bscan after having scanned a number of
random IPs using the `{\tt :}' suffix:
\begin{verbatim}
$ bscan ... random:2000
\end{verbatim}
This will scan 2000 random IP addresses. If you leave the number out or give
`{\tt :0}', then bscan will scan forever, until it is terminated.


\section{Scans}
\subsection{ICMP}
\subsection{TCP}
\subsection{UDP}
\subsection{special}

\section{Logs}
\subsection{Logformat}
\subsection{Utilities}
\subsubsection{BIND-distribution.awk}
This utility parses the output logs of the {\tt VERSION.BIND} scan and shows
the percentage and count of each BIND version. It expects only properly
formatted lines, so filter the log before passing it to the script, for
example:

\begin{verbatim}
$ grep "VERSION.BIND" out.log | \
        awk -f contrib/BIND-distribution.awk
\end{verbatim}

\section{B-Scan internals}
\subsection{Directory structure}
\subsection{Code Layout}
\subsubsection{Structures}
\subsubsection{Modules}

\label{references}
\begin{thebibliography}{99}
\bibitem{blablafooauthor1} ICMP scanning blabla
\bibitem{foofooblaauthor2} NMAP portalskasa
\end{thebibliography}

\end{document}