Written by Keith Short
Thursday, 29 May 2008 18:23
OK. We've been getting some slaps via email for the delay in continuing this feature. You know we love this stuff too, but we also work for a living. And without those good old paychecks we can't even pay the bills for this Community. Whew, I didn't know Linux folks could be so pushy. Oh wait, I take that back. Not that I'm saying the Co-Founder of LinuxDynasty is pushy at all.
So here goes. Let's look at some NMAP options.
- First let's just check to see if some hosts are up using ICMP:
kshort@LinuxStudent:/etc/gdm$ nmap -sP 192.168.91.0/27
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 19:46 EDT
kshort@LinuxStudent:/etc/gdm$ nmap -sP 192.168.91.0/27
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 19:47 EDT
Host 192.168.91.3 appears to be up.
Host 192.168.91.4 appears to be up.
Host 192.168.91.5 appears to be up.
Host 192.168.91.6 appears to be up.
Host 192.168.91.12 appears to be up.
Host 192.168.91.15 appears to be up.
Host 192.168.91.18 appears to be up.
Host 192.168.91.20 appears to be up.
Host 192.168.91.26 appears to be up.
Host 192.168.91.31 appears to be up.
Nmap done: 32 IP addresses (10 hosts up) scanned in 13.240 seconds
kshort@LinuxStudent:/etc/gdm$
****************************************************************************
- Now let's see if we can find out what this device is:
kshort@LinuxStudent:/etc/gdm$ nmap -sV 192.168.91.3
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 19:54 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.038 seconds
kshort@LinuxStudent:/etc/gdm$ nmap -sV 192.168.91.3
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 19:54 EDT
Interesting ports on 192.168.91.3:
Not shown: 1698 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD
23/tcp open telnet?
80/tcp open http?
111/tcp open rpcbind 2 (rpc #100000)
179/tcp closed bgp
513/tcp open tcpwrapped
514/tcp open tcpwrapped
646/tcp closed unknown
49400/tcp closed compaqdiag
50000/tcp closed iiimsf
50002/tcp closed iiimsf
54320/tcp closed bo2k
61439/tcp closed netprowler-manager
61440/tcp closed netprowler-manager2
61441/tcp closed netprowler-sensor
65301/tcp closed pcanywhere
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port23-TCP:V=4.53%I=7%D=5/29%Time=483F4248%P=i686-pc-linux-gnu%r(NULL,1
SF:4F,"\xff\xfb\x01\r\r\n\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\
SF:\r\n//\x20Copyright\x20\(c\)\x201");
Service Info: Host: Passport; OS: Unix
***Some Fingerprint Data removed for the sake of brevity***
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 98.282 seconds
kshort@LinuxStudent:/etc/gdm$
The information is accurate. This is a Nortel Passport!
***************************************************************************
- But does it work on Cisco devices, you ask:
kshort@LinuxStudent:/etc/gdm$ nmap -sV 192.168.0.86
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 20:06 EDT
Interesting ports on Some_Router.somedomain.com (192.168.0.86):
Not shown: 1713 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet Cisco router
Service Info: OS: IOS; Device: router
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.726 seconds
kshort@LinuxStudent:/etc/gdm$
Well what do you know? It's a router running IOS! Sound familiar, you Cisco Gurus?
***************************************************************************
- Now let's see what Operating System a couple of randomly chosen hosts are running. By the way, you need to run OS detection as root, thus the "sudo" at the beginning of the command.
kshort@LinuxStudent:/etc/gdm$ sudo nmap -O 192.168.91.36
[sudo] password for kshort:
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 20:18 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.365 seconds
kshort@LinuxStudent:/etc/gdm$ sudo nmap -O 192.168.91.31
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 20:18 EDT
All 1714 scanned ports on 192.168.91.31 are closed
MAC Address: 00:1B:25:2F:80:DA (Nortel)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: printer
Running: HP embedded
OS details: HP LaserJet 4350 printer, HP LaserJet P3005 or CP4005 printer
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.429 seconds
kshort@LinuxStudent:/etc/gdm$ sudo nmap -O 192.168.91.26
Starting Nmap 4.53 ( http://insecure.org ) at 2008-05-29 20:19 EDT
Interesting ports on 192.168.91.26:
Not shown: 1710 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
3389/tcp open ms-term-serv
8081/tcp open blackice-icecap
MAC Address: 00:12:3F:00:CE:2F (Dell)
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.985 seconds
kshort@LinuxStudent:/etc/gdm$
When we continue we'll learn how to save this data in files. That makes it more useful. For instance, you could save the list of IPs that respond and import them into an SNMP collector. That might be a hint of things to come.
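The idea of saving the responding IPs for import elsewhere can already be tried against the terminal output shown on this page. This is an added example, not the author's code: the function names live_hosts, open_ports and os_guess are made up here, and the parsing assumes the Nmap 4.53 output format seen above.

```shell
#!/bin/sh
# Added example, not from the article. Parses the human-readable output of
# Nmap 4.53 in the format shown on this page (IPv4 only).

# live_hosts: -sP output on stdin -> one responding IP per line.
live_hosts() {
    awk '/^Host / && /appears to be up\.$/ { print $2 }'
}

# open_ports: -sV or -O output on stdin -> "ip port/proto service" per open
# port. A trailing "?" is kept: Nmap adds it when the service name is a guess.
open_ports() {
    awk '
        /^Interesting ports on / {      # "... on 1.2.3.4:" or "... on name (1.2.3.4):"
            ip = $NF; gsub(/[():]/, "", ip); table = 0; next
        }
        $1 == "PORT" && $2 == "STATE" { table = 1; next }
        table && $1 ~ /^[0-9]+\/(tcp|udp)$/ {
            if ($2 == "open") print ip, $1, $3
            next
        }
        { table = 0 }                   # any other line ends the port table
    '
}

# os_guess: -O output on stdin -> "ip<TAB>OS details". Also covers hosts that
# report "All N scanned ports on <ip> are closed" and print no port table.
os_guess() {
    awk '
        /^Interesting ports on / { ip = $NF; gsub(/[():]/, "", ip) }
        /^All [0-9]+ scanned ports on / { ip = $(NF - 2); gsub(/[()]/, "", ip) }
        /^OS details: / { sub(/^OS details: /, ""); print ip "\t" $0 }
    '
}

# Sample input: lines taken from the -O runs shown above.
SAMPLE_O='All 1714 scanned ports on 192.168.91.31 are closed
OS details: HP LaserJet 4350 printer, HP LaserJet P3005 or CP4005 printer
Interesting ports on 192.168.91.26:
Not shown: 1710 closed ports
PORT STATE SERVICE
135/tcp open msrpc
3389/tcp open ms-term-serv
OS details: Microsoft Windows XP SP2'

printf '%s\n' "$SAMPLE_O" | open_ports
printf '%s\n' "$SAMPLE_O" | os_guess
```

With the functions loaded in the shell, `nmap -sP 192.168.91.0/27 | live_hosts > up.txt` writes the list of responding hosts to a file.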
Last Updated ( Sunday, 01 June 2008 16:20 )