[LUNA] NMap Question
Bob Nance
bob.nance at novationsys.com
Wed Feb 12 16:53:55 CST 2014
I use this all the time:
$ nmap <local.LAN.network>.1-254
Scans all the IP addresses in the local range. When it finds something
that responds, it gives you a quick report on that item:
Nmap scan report for 10.1.10.78
Host is up (0.0024s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
88/tcp open kerberos-sec
445/tcp open microsoft-ds
548/tcp open afp
5900/tcp open vnc
49152/tcp open unknown
I can guess that this is something running an Apple OS (with kerberos,
ssh, vnc and afp running).
My second-most-used option is OS scanning:
# nmap -O <local.LAN.network>.1-254
like:
# nmap -O 10.0.0.1-254
# nmap -O 172.16.23.1-254
Which scans all IP addresses in the local range from host 1 to host 254.
The "-O" (oh, not zero) makes a connection to some well-known ports and
attempts to use TCP/IP fingerprints to determine the remote device's
operating system, as well. That option requires root privilege on the
local computer. There are also options to slow down the scan and randomize
the port selections in an attempt to get past intrusion
prevention/protection systems.
Here's a result that's bad. This computer is actually running Apple Mac OS
X 10.9.1 (Mavericks):
Nmap scan report for 10.1.10.78
Host is up (0.0032s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
88/tcp open kerberos-sec
445/tcp open microsoft-ds
548/tcp open afp
5900/tcp open vnc
49152/tcp open unknown
MAC Address: 00:25:00:F7:E0:AC (Apple)
Device type: media device|phone
Running: Apple iOS 4.X|5.X
OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
OS details: Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)
Network Distance: 1 hop
Here's one that is close (It's Windows 8 Pro):
Nmap scan report for 10.1.10.117
Host is up (0.0021s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
5357/tcp open wsdapi
MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2008
OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
OS details: Microsoft Windows Server 2008 SP2
Network Distance: 1 hop
A useful tool for scanning your network, but not definitive. At the end of
each OS scan, there is a URL to go and update your results in their
database.
-Bob
--
Bob Nance
Novation Systems
256-534-4620; 227
On 2/12/14, 3:19 PM, "Michael W. Hall" <hallmw at att.net> wrote:
>How do you run this program? I would like to have it scan my network
>and just show the hosts and what is running on them. Not having much
>luck with anything.
>
>Michael
>
>_______________________________________________
>LUNA mailing list
>LUNA at lunagroup.us
>http://lunagroup.us/mailman/listinfo/luna
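
Added example, not part of the original message: a small Python parser that turns scan reports like the ones quoted above into a per-host inventory and records whether nmap itself flagged the OS guess as unreliable. The function name parse_scan and the sample text (trimmed from the two reports in the post) are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the two reports quoted in the post.
SAMPLE = """\
Nmap scan report for 10.1.10.78
PORT STATE SERVICE
22/tcp open ssh
548/tcp open afp
5900/tcp open vnc
MAC Address: 00:25:00:F7:E0:AC (Apple)
OS details: Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)
Nmap scan report for 10.1.10.117
Not shown: 995 filtered ports
135/tcp open msrpc
3389/tcp open ms-wbt-server
MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
OS details: Microsoft Windows Server 2008 SP2
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_scan(text):
    """Return {ip: {"ports", "vendor", "os", "os_reliable"}} (hypothetical helper)."""
    hosts, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Nmap scan report for "):
            # Address is the last token; nmap prints "name (ip)" when a name resolves.
            ip = line.split()[-1].strip("()")
            cur = hosts[ip] = {"ports": [], "vendor": None, "os": None, "os_reliable": True}
        elif cur is None:
            continue
        elif (m := PORT_RE.match(line)):
            cur["ports"].append((int(m.group(1)), m.group(2), m.group(3)))
        elif line.startswith("MAC Address:"):
            m = re.search(r"\((.*)\)$", line)
            cur["vendor"] = m.group(1) if m else None
        elif line.startswith("Warning: OSScan results may be unreliable"):
            cur["os_reliable"] = False
        elif line.startswith("OS details:"):
            cur["os"] = line.split(":", 1)[1].strip()
    return hosts

if __name__ == "__main__":
    for ip, h in parse_scan(SAMPLE).items():
        svc = ",".join(f"{p}/{proto}({name})" for p, proto, name in h["ports"])
        note = "" if h["os_reliable"] else "  [nmap flagged OS guess as unreliable]"
        print(f"{ip}  {h['vendor']}  {svc}  OS guess: {h['os']}{note}")
```

The first host carries no warning, yet the post identifies its OS guess as wrong, so the os_reliable flag only records nmap's own caveat and is not a confirmation of the guess.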