For a quiz I must fill in the following question:
Which distribution of Linux is on the server. They give me only a ip adress "37.59.41.190". How can I check this external?
Use nmap command to find Operating System details, it's not 100% accurate, though,
nmap -O <ip address>
nmap runs different OS fingerprint check techniques.
Related
I am following a course online, in the course an Nmap scan is undertaken with the following results:
. As you can see, the second from bottom line is MAC Address: DE:AD:00:00:BE:EF and the SENT and RCVD lines show an ARP request and an ARP reply.
However, when I do this I do not see the MAC Address, nor do I see the ARP lines. I see instead am ICMP response, here is a screenshot from my result:
I am doing the nmap with sudo privileges so I'm not sure why I am not seeing the MAC address.
Thanks for any help
sudo nmap 192.168.43.109 -sn -oA host -PE --reason This command will only show the MAC address if your machine and the target machine are on the same network.
For various reasons, I'm trying to get a Soft-ROCE setup working. The plan is to move to RDMA-capable hardware, later, but for now Soft ROCE is a good choice to get started. I've started with some tutorials on Infiniband APIs, and they mostly make sense. However, I haven't been able to get even a single transaction working in a loopback device.
I created an rxe device using the following command:
# rdma link add rxe_lo type rxe netdev lo
It seems to come up fine, but none of the utilities I run seem to do anything (rping, ibv_rc_pingpong, etc.).
With my loopback device, rping fails like this:
# rping -c -v -a 127.0.0.1
rdma_resolve_route: No such device
If I create Soft ROCE devices on two separate computers, and then run that over the network, rping at least works:
# rdma link add rxe_eno1 type rxe netdev eno1
# # do the same on different computer...
# rping -s -v -a 0.0.0.0
# rping -c -v -a 192.x.y.z # on other computer
Is this a futile attempt, or is there a technical reason why local loopbacks won't work with Soft RDMA? I tried this on an Ubuntu and Fedora system, with the same results.
Pardon in advance if this is a very noob question..
So I am learning to use nmap command and currently, I am doing a scan to check for the OS details of an image.
The command I have used is nmap -O -sV <ip address> and I am slightly confused by the OS details it outputted as I am trying to derive the exact OS version, to check if there are any vulnerability in the version.
It is as follows:
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
While I am unable to access/ log into the said image, based off the above result, can I presume that there are 2 different Linux OS versions, in this case, one is running on Linux 3.2 and the other is on Linux 4.9?
Is it possible that an image can have multiple OS (as seen above, assuming what I mentioned above is correct)?
Many thanks in advance.
Nmap does not always know the exact OS on the host you are scanning, so it tries to geuss it.
I would like to know if I can obtain ssh version using nmap of my external vps.
nmap -p 22 sV <domainname>
result:
22/tcp filtered ssh
Is there another nmap syntax so I can obtain ssh service version?
Just want to obtain the ssh service version of my external vps.
I tried alot of nmap commands but probably there's a struggle in-between like a firewall, which causes a filtered state. My own network is behind a DrayTek Device. Maybe a possible cause?
Thanks in advance!
The nmap option --badsum is able to provide insight about the existence of a firewall. A non firewall device that runs a full network stack will silently drop a bad checksum. In the case that your scan reaches an end device, you would expect to see the same result as your -sV scan. A firewall may offer a different reply to the --badsum.
The answer to your question regarding version, is that -sV is ideal, however -A may run some scripts that return useful information. You can also run --script=sshv1 or another specific script that is ssh related. More script options are here nmap scripts.
I am trying to list a shared folder I have on the desktop of a virtual machine. with these commands:
nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 10.10.10.115
nmap --script smb-enum-shares.nse -p445 10.10.10.115
The combined output is :
Nmap scan report for 10.10.10.115
Host is up (0.00s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
139/tcp open netbios-ssn
137/udp open netbios-ns
MAC Address: 08:00:27:31:DB:FC (Oracle VirtualBox virtual NIC)
This is not the output I am supposed to get referring to this : https://nmap.org/nsedoc/scripts/smb-enum-shares.html
Why is it not listing the shared folder on the desktop ? I have set maximum permission to everyone for the folder.
Thank you !
Guillaume
Seems like a bug in nmap https://github.com/nmap/nmap/issues/704
You can try -d flag to run nmap in debug mode. I see the "SMB: Login as \guest failed (NT_STATUS_ACCOUNT_DISABLED)" error. But other utilites (e.g. softperfect network scanner) works fine without specific permisions on remote machine.
See documentation: smb-enum-shares. Use function add_account in smbauth module