Why every sysadmin should know about nmap

The other day, a friend texted me in panic because her computer could not connect to my school’s local network anymore. Until recently, when we set up a DHCP server for them, my school relied on manual IP addresses (with hardware filtering). But in some places on campus we still use manual IP addresses, without any filtering. And sometimes, like in the present case, people steal each other’s IP.

Well, it’s not really stealing. People just don’t know which IP is in use.

My first guess was to use Wireshark, in order to listen to the packets that were going to and from this IP, and identify the corresponding hardware address.

But there is an easier way to get information about the computer using an IP address:

sudo nmap -O 192.168.1.1

Which yields the following result:

Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-05 16:13 CEST
Nmap scan report for 192.168.1.1
Host is up (0.034s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
MAC Address: 30:B5:C2:70:50:72 (Tp-link Technologies)
Device type: WAP
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3.10
OS details: OpenWrt Barrier Breaker (Linux 3.10)
Network Distance: 1 hop

The option -O performs OS detection (it needs root, hence the sudo).
And if your target is on the same network segment as you, nmap will also tell you its hardware (MAC) address and the vendor it belongs to, which is exactly what I needed to find the machine that had taken the IP.
Easy as pie 🙂
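To turn that one-off check into something repeatable, here is a small parser for nmap's normal output, as an added example that is not part of the original post. It extracts the IP, MAC address, vendor, open ports and OS guess from a report, then compares the observed MAC against a hypothetical inventory of which MAC is supposed to hold each static IP, so an address conflict like the one above is flagged automatically. The sample report is the one quoted above, embedded as a constant; the inventory mapping and the function names are my own assumptions.

```python
import re

# Constructed sample: the "nmap -O 192.168.1.1" report quoted in the post, not live output.
SAMPLE_REPORT = """\
Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-05 16:13 CEST
Nmap scan report for 192.168.1.1
Host is up (0.034s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
MAC Address: 30:B5:C2:70:50:72 (Tp-link Technologies)
Device type: WAP
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3.10
OS details: OpenWrt Barrier Breaker (Linux 3.10)
Network Distance: 1 hop
"""

# One "Nmap scan report for ..." line starts each host block; the first token is the
# target as given (an IP here; a hostname when reverse DNS resolves).
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# MAC line only appears when the target is on the same layer-2 segment.
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})(?: \((.*)\))?")
# Port lines look like "22/tcp open ssh"; the "PORT STATE SERVICE" header never matches.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
OS_RE = re.compile(r"^OS details: (.*)")


def parse_nmap_report(text):
    """Parse nmap normal output into a list of per-host dicts."""
    hosts = []
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"ip": m.group(1), "mac": None, "vendor": None,
                       "os": None, "ports": []}
            hosts.append(current)
            continue
        if current is None:
            continue  # banner lines before the first host block
        m = MAC_RE.match(line)
        if m:
            current["mac"] = m.group(1).upper()
            current["vendor"] = m.group(2)
            continue
        m = PORT_RE.match(line)
        if m:
            current["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        m = OS_RE.match(line)
        if m:
            current["os"] = m.group(1)
    return hosts


def find_ip_conflicts(hosts, inventory):
    """Return (ip, expected_mac, observed_mac, vendor) for every host whose MAC
    differs from the one recorded for that IP in the inventory (hypothetical
    mapping ip -> MAC that is supposed to hold it)."""
    conflicts = []
    for h in hosts:
        expected = inventory.get(h["ip"])
        if expected and h["mac"] and expected.upper() != h["mac"]:
            conflicts.append((h["ip"], expected.upper(), h["mac"], h["vendor"]))
    return conflicts


if __name__ == "__main__":
    # Constructed inventory: pretend 192.168.1.1 belongs to a different card.
    inventory = {"192.168.1.1": "aa:bb:cc:00:11:22"}
    for ip, expected, observed, vendor in find_ip_conflicts(parse_nmap_report(SAMPLE_REPORT), inventory):
        print(f"{ip}: expected {expected}, but {observed} ({vendor}) answers")
```

When the only question is "who is using this IP", nmap's ping scan (`nmap -sn`) prints the same MAC Address line without the slower OS fingerprinting, and the parser above handles that output too, since it simply finds no port or OS lines. The MAC and vendor are only reported for hosts on your own segment; across a router the line is absent and the conflict check silently skips the host.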
