info on network
I'm trying to find a way to scan a network in Linux and pull some relevant data from it. I'm looking to pull the operating system mainly. I know nmap can do it, but what are the commands for it?
CommonStray
Re: info on network
Here are the nmap options for operating system detection:
-O Enable OS detection
--osscan-limit Limit OS detection to promising targets
--osscan-guess Guess OS more aggressively
edit: oh, and there is also p0f
http://lcamtuf.coredump.cx/p0f.shtml
BT 5 has this already pre-installed under info gathering -> net analysis -> os fingerprinting
Re: info on network
I will be the dick and say nmap's OS detection is shit.
Check ports and banners yourself; it will be easy enough to figure out the OS on most systems.
Remember, computers are clients.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: info on network
I agree with DNR. I have run the -o and the -A commands within Nmap. I can't get a response back on the -A command. I'll have to figure out how to get the banners.
Re: info on network
Banners are either in the packets you sniff, or displayed in a connection like telnet to a port. If you telnet to a port, it can reply with the server OS, version, and additional applications used on the server. A smart sysadmin will fake banners; just try the suck-o server!
Some port scanners will display the port response during scans.
Example of an SMTP banner:
    220 romulan.ncsc.mil ESMTP Sendmail 8.9.3/8.9.3; Mon, 25 Jul 2011 01:45:38 -0500
DNR
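Added example, not code from the thread: a small Python parser for the kind of SMTP 220 greeting DNR quotes above. It pulls out the hostname, software and version a greeting discloses and grades how much it gives away, which is the check a sysadmin would run against their own mail server to see what its banner leaks. The regexes are assumptions modelled on common Sendmail/Postfix greetings, and the two non-quoted sample banners are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample greetings: the first is the banner quoted in the thread,
# the other two are made-up variants for comparison.
SAMPLE_BANNERS = [
    "220 romulan.ncsc.mil ESMTP Sendmail 8.9.3/8.9.3; Mon, 25 Jul 2011 01:45:38 -0500",
    "220 mail.example.test ESMTP Postfix (Debian/GNU)",
    "220 mx.example.test ESMTP ready",
]

# Assumed greeting layout (code 220, host, optional ESMTP keyword, free text),
# modelled on common Sendmail/Postfix output rather than the RFC 5321 grammar.
_GREETING_RE = re.compile(r"^220[ -](?P<host>\S+)(?:\s+(?P<proto>E?SMTP))?\s*(?P<rest>.*)$")
_VERSION_RE = re.compile(r"^(?P<software>[A-Za-z][\w.-]*)\s+(?P<version>\d[\w./-]*)")

@dataclass
class BannerInfo:
    host: str
    software: Optional[str]
    version: Optional[str]
    os_hint: Optional[str]

def parse_smtp_banner(line: str) -> Optional[BannerInfo]:
    """Pull out what a 220 greeting discloses; None if the line is not one."""
    m = _GREETING_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").split(";")[0].strip()  # drop the trailing timestamp
    software = version = os_hint = None
    v = _VERSION_RE.match(rest)
    if v:
        software, version = v.group("software"), v.group("version")
    elif rest:
        software = rest.split()[0]
    paren = re.search(r"\(([^)]+)\)", rest)  # e.g. Postfix's "(Debian/GNU)"
    if paren:
        os_hint = paren.group(1)
    return BannerInfo(m.group("host"), software, version, os_hint)

def disclosure_level(info: BannerInfo) -> str:
    """'high' for a version or OS hint, 'medium' for a bare product name, else 'low'."""
    if info.version or info.os_hint:
        return "high"
    if info.software and info.software.lower() not in {"ready", "service"}:
        return "medium"
    return "low"
```

Feed it the greeting your own server sends (for example what you see when you telnet to port 25) and a "high" result means the banner should be trimmed.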
Re: info on network
OS detection has been pretty unreliable for some years now; it's just too easy to fake banners and packets, as was mentioned earlier. I've had some success with P0f, more than with nmap anyhow, but it takes a combination of techniques to get anything substantial.
P0f is a very stealthy enumerator that monitors an OS's response to semi-innocuous queries like web traffic, and then makes a best guess of the operating system that would give those replies. Because it's a passive, best-guess enumerator, it's not as accurate as a more active scanner... and its current version refuses to ID Linux machines as anything but unknown, so its usefulness may have run out.
Another tool worth looking at is Xprobe2, which mixes OS fingerprinting with port scanning, somewhat like nmap but more accurate. The downside here is that it hits a lot of ports, and determines an OS by which ports are open or closed and what the responses on those ports are.
Is it accurate? It can be, but like so many computer-related tasks it's part art and part science, and experience is the tool to collect the right amount of both.
cuddles for my sweetheart
Re: info on network
Also analyze the applications used on the webserver; some are Windows-only or nux-based apps, giving away the server OS.
DNR