[LUNA] NMap Question
Michael W. Hall
hallmw at att.net
Wed Feb 12 19:06:03 CST 2014
That is what I am looking for I think. I will give that a try.
On Wed, 2014-02-12 at 22:53 +0000, Bob Nance wrote:
> I use this all the time:
>
> $ nmap <local.LAN.network>.1-254
>
> Scans all the IP addresses in the local range. When it finds something
> that responds, it gives you a quick report on that item:
>
> Nmap scan report for 10.1.10.78
> Host is up (0.0024s latency).
> Not shown: 994 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 88/tcp open kerberos-sec
> 445/tcp open microsoft-ds
> 548/tcp open afp
> 5900/tcp open vnc
> 49152/tcp open unknown
>
> I can guess that this is something running an Apple OS (with kerberos,
> ssh, vnc and afp running).
>
> My second-most-used option is OS scanning:
>
>
>
> # nmap -O <local.LAN.network>.1-254
> like:
> # nmap -O 10.0.0.1-254
> # nmap -O 172.16.23.1-254
>
>
> Which scans all IP addresses in the local range from host 1 to host 254.
> The "-O" (oh, not zero) makes a connection to some well-known ports and
> attempts to use TCP/IP fingerprints to determine the remote device's
> operating system, as well. That option requires root privilege on the
> local computer. There are also options to slow down the scan and randomize
> the port selections in an attempt to get past intrusion
> prevention/protection systems.
>
> Here's a result that's bad. This computer is actually running Apple Mac OS
> X 10.9.1 (Mavericks):
>
> Nmap scan report for 10.1.10.78
> Host is up (0.0032s latency).
> Not shown: 994 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 88/tcp open kerberos-sec
> 445/tcp open microsoft-ds
> 548/tcp open afp
> 5900/tcp open vnc
> 49152/tcp open unknown
> MAC Address: 00:25:00:F7:E0:AC (Apple)
> Device type: media device|phone
> Running: Apple iOS 4.X|5.X
> OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
> OS details: Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)
> Network Distance: 1 hop
>
> Here's one that is close (It's Windows 8 Pro):
>
> Nmap scan report for 10.1.10.117
> Host is up (0.0021s latency).
> Not shown: 995 filtered ports
> PORT STATE SERVICE
> 135/tcp open msrpc
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 3389/tcp open ms-wbt-server
> 5357/tcp open wsdapi
> MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
> Warning: OSScan results may be unreliable because we could not find at
> least 1 open and 1 closed port
> Device type: general purpose
> Running: Microsoft Windows 2008
> OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
> OS details: Microsoft Windows Server 2008 SP2
> Network Distance: 1 hop
>
> A useful tool for scanning your network, but not definitive. At the end of
> each OS scan, there is a URL to go and update your results in their
> database.
>
> -Bob
>
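
The cross-check done by eye in the quoted message (comparing the -O guess with the open services and with nmap's own reliability warning), as an added example that is not part of the original messages. The sample text is abbreviated from the two reports quoted above; the `needs_review` rule and its service list are assumptions made for illustration.

```python
import re

# Sample input: the two -O reports quoted in the message, abbreviated.
SAMPLE = """\
Nmap scan report for 10.1.10.78
22/tcp open ssh
88/tcp open kerberos-sec
445/tcp open microsoft-ds
548/tcp open afp
5900/tcp open vnc
MAC Address: 00:25:00:F7:E0:AC (Apple)
Running: Apple iOS 4.X|5.X
Nmap scan report for 10.1.10.117
135/tcp open msrpc
3389/tcp open ms-wbt-server
MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Running: Microsoft Windows 2008
"""

PORT = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)")

def parse_reports(text):
    """Split nmap normal output into one dict per scanned host."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Nmap scan report for "):
            hosts.append({"host": line.split()[-1].strip("()"), "ports": {},
                          "vendor": None, "os_guess": None, "unreliable": False})
        elif not hosts:
            continue  # preamble before the first report
        elif m := PORT.match(line):
            hosts[-1]["ports"][int(m.group(1))] = m.group(2)
        elif line.startswith("MAC Address:"):
            hosts[-1]["vendor"] = line.partition("(")[2].rstrip(")")
        elif line.startswith("Running:"):
            hosts[-1]["os_guess"] = line.split(":", 1)[1].strip()
        elif "OSScan results may be unreliable" in line:
            hosts[-1]["unreliable"] = True
    return hosts

def needs_review(h):
    """Assumed triage rule: distrust a guess nmap warned about, or an iOS
    guess on a host that offers desktop-style file sharing or remote access."""
    desktop = {"afp", "vnc", "ssh", "microsoft-ds"} & set(h["ports"].values())
    return h["unreliable"] or ("iOS" in (h["os_guess"] or "") and bool(desktop))
```

Both hosts from the message come back flagged: 10.1.10.78 because an iOS guess sits beside afp, vnc and ssh, and 10.1.10.117 because nmap itself printed the unreliability warning.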