[LUNA] NMap Question

Bob Nance bob.nance at novationsys.com
Wed Feb 12 16:53:55 CST 2014


I use this all the time:

	$ nmap <local.LAN.network>.1-254

Scans all the IP addresses in the local range. When it finds something
that responds, it gives you a quick report on that item:

	Nmap scan report for 10.1.10.78
	Host is up (0.0024s latency).
	Not shown: 994 closed ports
	PORT      STATE SERVICE
	22/tcp    open  ssh
	88/tcp    open  kerberos-sec
	445/tcp   open  microsoft-ds
	548/tcp   open  afp
	5900/tcp  open  vnc
	49152/tcp open  unknown

I can guess that this is something running an Apple OS (with kerberos,
ssh, vnc and afp running).

My second-most-used option is OS scanning:



	# nmap -O <local.LAN.network>.1-254
like:
	# nmap -O 10.0.0.1-254
	# nmap -O 172.16.23.1-254


Which scans all IP addresses in the local range from host 1 to host 254.
The "-O" (oh, not zero) makes a connection to some well-known ports and
attempts to use TCP/IP fingerprints to determine the remote device's
operating system, as well. That option requires root privilege on the
local computer. There are also options to slow down the scan and randomize
the port selections in an attempt to get past intrusion
prevention/protection systems.

Here's a result that's bad. This computer is actually running Apple Mac OS
X 10.9.1 (Mavericks):

	Nmap scan report for 10.1.10.78
	Host is up (0.0032s latency).
	Not shown: 994 closed ports
	PORT      STATE SERVICE
	22/tcp    open  ssh
	88/tcp    open  kerberos-sec
	445/tcp   open  microsoft-ds
	548/tcp   open  afp
	5900/tcp  open  vnc
	49152/tcp open  unknown
	MAC Address: 00:25:00:F7:E0:AC (Apple)
	Device type: media device|phone
	Running: Apple iOS 4.X|5.X
	OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
	OS details: Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)
	Network Distance: 1 hop

Here's one that is close (It's Windows 8 Pro):

	Nmap scan report for 10.1.10.117
	Host is up (0.0021s latency).
	Not shown: 995 filtered ports
	PORT     STATE SERVICE
	135/tcp  open  msrpc
	139/tcp  open  netbios-ssn
	445/tcp  open  microsoft-ds
	3389/tcp open  ms-wbt-server
	5357/tcp open  wsdapi
	MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
	Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
	Device type: general purpose
	Running: Microsoft Windows 2008
	OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
	OS details: Microsoft Windows Server 2008 SP2
	Network Distance: 1 hop

A useful tool for scanning your network, but not definitive. At the end of
each OS scan, there is a URL to go and update your results in their
database.

-Bob

-- 


 Bob Nance

 Novation Systems
 256-534-4620; 227





On 2/12/14, 3:19 PM, "Michael W. Hall" <hallmw at att.net> wrote:

>How do you run this program.  I would like to have it scan my network
>and just show the hosts and what is running on them.  Not having much
>luck with anything.
>
>Michael
>
>_______________________________________________
>LUNA mailing list
>LUNA at lunagroup.us
>http://lunagroup.us/mailman/listinfo/luna


