ysdadmin

How to Determine OS and MAC from IP

Hi,

Given an IP, how can I determine the OS and MAC address of a rogue computer on our network?

Thanks.
ASKER CERTIFIED SOLUTION
tcicatelli
This solution is only available to members.
As an alternative, you could keep unplugging switches from the network and pinging the address on the node until you narrowed it down.  Also, you could be chasing a printer or a switch without even knowing it.
uberpoop

Use NMAP:
Go to insecure.org and download the latest version.

It only has a command line interface, so once installed, go to the command prompt and change to your nmap directory.
Run the following command:
nmap -A 192.168.1.1

Change the IP address to your target IP (the rogue machine).
After a few minutes you will get a readout detailing all the open ports etc.
The MAC address and the suspected operating system will be towards the end.

A neat note about the MAC: it will guess what manufacturer made the PC/network card.



C:\WINDOWS>nmap -A 10.10.1.6

Starting Nmap 4.03 ( http://www.insecure.org/nmap ) at 2007-10-26 11:36 Pacific
Daylight Time
Interesting ports on hermes.uberpoop.com (1.2.3.4):
(The 1659 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
25/tcp    open  smtp          Microsoft ESMTP 6.0.3790.3959
80/tcp    open  http          Microsoft IIS webserver 6.0
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn
443/tcp   open  ssl           Microsoft IIS SSL
445/tcp   open  microsoft-ds  Microsoft Windows 2003 microsoft-ds
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
691/tcp   open  resvc         Microsoft Exchange routing server 6.5.7638.138.1
1178/tcp  open  msrpc         Microsoft Windows RPC
3389/tcp  open  microsoft-rdp Microsoft Terminal Service
6001/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
6002/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
6004/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
10000/tcp open  backupexec    Veritas Backup Exec 9.0
MAC Address: 00:06:5B:F0:D3:45 (Dell Computer)
Device type: general purpose
Running: Microsoft Windows NT/2K/XP|2003/.NET
OS details: Microsoft Windows 2003 Server, 2003 Server SP1 or XP Pro SP2
Service Info: Host: hermes.uberpoop.com; OS: Windows

Nmap finished: 1 IP address (1 host up) scanned in 46.079 seconds
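
Added example, not part of the original posts: a small Python parser that pulls the MAC address, vendor guess, OS guess and open ports out of an Nmap text report like the one above, so results for several suspect addresses can be recorded consistently. The function name `parse_report` and the shortened sample are this example's own; the patterns assume the Nmap 4.x "Interesting ports on" layout shown in the post.

```python
import re

# Excerpt of the Nmap 4.03 report quoted in the post above (port list shortened).
SAMPLE = """\
Interesting ports on hermes.uberpoop.com (1.2.3.4):
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
139/tcp   open  netbios-ssn
3389/tcp  open  microsoft-rdp Microsoft Terminal Service
MAC Address: 00:06:5B:F0:D3:45 (Dell Computer)
Device type: general purpose
Running: Microsoft Windows NT/2K/XP|2003/.NET
OS details: Microsoft Windows 2003 Server, 2003 Server SP1 or XP Pro SP2
"""

HOST_RE = re.compile(r"^Interesting ports on (?:(\S+) \()?([\d.]+)\)?:$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
MAC_RE = re.compile(
    r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((.*)\))?$")


def parse_report(text):
    """Return hostname, IP, MAC, vendor, OS guess and open ports for one host."""
    host = {"hostname": None, "ip": None, "mac": None, "vendor": None,
            "running": None, "os_details": None, "open_ports": []}
    for line in text.splitlines():
        line = line.rstrip()
        if m := HOST_RE.match(line):
            host["hostname"], host["ip"] = m.group(1), m.group(2)
        elif m := PORT_RE.match(line):
            host["open_ports"].append(
                (int(m.group(1)), m.group(2), m.group(3), m.group(4) or None))
        elif m := MAC_RE.match(line):
            # Nmap prints this line only when the target is on the
            # scanner's own Ethernet segment; otherwise mac stays None.
            host["mac"], host["vendor"] = m.group(1).upper(), m.group(2)
        elif line.startswith("Running:"):
            host["running"] = line.split(":", 1)[1].strip()
        elif line.startswith("OS details:"):
            # A fingerprint-based guess, not a confirmed OS version.
            host["os_details"] = line.split(":", 1)[1].strip()
    return host


if __name__ == "__main__":
    for key, value in parse_report(SAMPLE).items():
        print(f"{key}: {value}")
```

A report with no `MAC Address:` line leaves `mac` as `None`, which is the signal that the scan crossed a router and the address has to come from the ARP table of the device nearest the target instead.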