[LUNA] NMap Question

Michael W. Hall hallmw at att.net
Wed Feb 12 19:06:03 CST 2014


That is what I am looking for I think.  I will give that a try.


On Wed, 2014-02-12 at 22:53 +0000, Bob Nance wrote:
> I use this all the time:
> 
> 	$ nmap <local.LAN.network>.1-254
> 
> Scans all the IP addresses in the local range. When it finds something
> that responds, it gives you a quick report on that item:
> 
> 	Nmap scan report for 10.1.10.78
> 	Host is up (0.0024s latency).
> 	Not shown: 994 closed ports
> 	PORT      STATE SERVICE
> 	22/tcp    open  ssh
> 	88/tcp    open  kerberos-sec
> 	445/tcp   open  microsoft-ds
> 	548/tcp   open  afp
> 	5900/tcp  open  vnc
> 	49152/tcp open  unknown
> 
> I can guess that this is something running an Apple OS (with kerberos,
> ssh, vnc and afp running).
> 
> My second-most-used option is OS scanning:
> 
> 
> 
> 	# nmap -O <local.LAN.network>.1-254
> like:
> 	# nmap -O 10.0.0.1-254
> 	# nmap -O 172.16.23.1-254
> 
> 
> Which scans all IP addresses in the local range from host 1 to host 254.
> The "-O" (oh, not zero) makes a connection to some well-known ports and
> attempts to use TCP/IP fingerprints to determine the remote device's
> operating system, as well. That option requires root privilege on the
> local computer. There are also options to slow down the scan and randomize
> the port selections in an attempt to get past intrusion
> prevention/protection systems.
> 
> Here's a result that's bad. This computer is actually running Apple Mac OS
> X 10.9.1 (Mavericks):
> 
> 	Nmap scan report for 10.1.10.78
> 	Host is up (0.0032s latency).
> 	Not shown: 994 closed ports
> 	PORT      STATE SERVICE
> 	22/tcp    open  ssh
> 	88/tcp    open  kerberos-sec
> 	445/tcp   open  microsoft-ds
> 	548/tcp   open  afp
> 	5900/tcp  open  vnc
> 	49152/tcp open  unknown
> 	MAC Address: 00:25:00:F7:E0:AC (Apple)
> 	Device type: media device|phone
> 	Running: Apple iOS 4.X|5.X
> 	OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
> 	OS details: Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)
> 	Network Distance: 1 hop
> 
> Here's one that is close (It's Windows 8 Pro):
> 
> 	Nmap scan report for 10.1.10.117
> 	Host is up (0.0021s latency).
> 	Not shown: 995 filtered ports
> 	PORT     STATE SERVICE
> 	135/tcp	  open  msrpc
> 	139/tcp	  open  netbios-ssn
> 	445/tcp  open  microsoft-ds
> 	3389/tcp open  ms-wbt-server
> 	5357/tcp open  wsdapi
> 	MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
> 	Warning: OSScan results may be unreliable because we could not find at
> least 1 open and 1 closed port
> 	Device type: general purpose
> 	Running: Microsoft Windows 2008
> 	OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
> 	OS details: Microsoft Windows Server 2008 SP2
> 	Network Distance: 1 hop
> 
> A useful tool for scanning your network, but not definitive. At the end of
> each OS scan, there is a URL to go and update your results in their
> database.
> 
> -Bob
> 
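
Added example, not part of either message in this thread: a small Python parser for the human-readable report format quoted above, producing one inventory record per host and marking OS guesses that nmap itself flagged as unreliable. The function name and record fields are assumptions made for this illustration.

```python
import re

# Two OS-scan reports from the post above, trimmed, with the mail client's
# line wrap inside the warning undone.
SAMPLE = """\
Nmap scan report for 10.1.10.78
PORT      STATE SERVICE
22/tcp    open  ssh
548/tcp   open  afp
5900/tcp  open  vnc
MAC Address: 00:25:00:F7:E0:AC (Apple)
OS details: Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)

Nmap scan report for 10.1.10.117
PORT     STATE SERVICE
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 90:2B:34:A7:31:D5 (Giga-byte Technology Co.)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS details: Microsoft Windows Server 2008 SP2
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_reports(text):
    """Turn nmap's normal (human-readable) output into one dict per host."""
    hosts = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Nmap scan report for "):
            # "for name (ip)" or "for ip": keep the last token without parentheses
            hosts.append({"host": line.split()[-1].strip("()"), "open": [],
                          "vendor": None, "os_guess": None, "os_unreliable": False})
        elif not hosts:
            continue  # banner lines before the first report
        elif m := PORT_RE.match(line):
            hosts[-1]["open"].append((int(m.group(1)), m.group(3)))
        elif m := re.match(r"MAC Address: \S+ \((.*)\)$", line):
            hosts[-1]["vendor"] = m.group(1)
        elif line.startswith("OS details: "):
            hosts[-1]["os_guess"] = line[len("OS details: "):]
        elif line.startswith("Warning: OSScan results may be unreliable"):
            hosts[-1]["os_unreliable"] = True
    return hosts

if __name__ == "__main__":
    for h in parse_reports(SAMPLE):
        tag = "low-confidence" if h["os_unreliable"] else "guess"
        print(h["host"], h["vendor"], [p for p, _ in h["open"]], f'{tag}: {h["os_guess"]}')
```

An OS guess that carries no warning can still be wrong, as the first report in the post shows, so each record keeps the open services and MAC vendor next to the guess for a human to compare.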



