Suramya's Blog


January 20, 2010

List all machines connected to a LAN with additional details on each

Filed under: Knowledgebase,Security Tools — Suramya @ 12:15 AM

If you have ever had to figure out how many systems are connected to a network and what IPs they have, then you will find this tip useful. It is also useful for identifying any rogue machines on your network if you know how many systems are supposed to be there, as in the case of my home network, where I know the exact number of machines.

There are multiple programs out there that allow you to do this. Some are free, some are very expensive. In my opinion the best one is nmap. It is free, fast and can be scripted.

To find all machines on my LAN (IP Range: 192.168.2.x) I just have to issue the following command:

nmap -sP 192.168.2.0/24

This gives an output like the following when I run it as a normal user:

suramya@Wyrm:~$ nmap -sP 192.168.2.0/24

Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-20 00:01 IST
Host 192.168.2.1 is up (0.0018s latency).
Host 192.168.2.5 is up (0.00018s latency).
Host 192.168.2.100 is up (0.00018s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.93 seconds

When I run the same command as root, it gives me additional information that looks like:

Wyrm:~# nmap -sP 192.168.2.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-19 23:50 IST
Host 192.168.2.1 is up (0.0015s latency).
MAC Address: 00:XX:XX:XX:XX:XX (Cisco-Linksys)
Host 192.168.2.5 is up.
Host 192.168.2.100 is up (0.011s latency).
MAC Address: 00:XX:XX:XX:XX:XX (Intel)
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.00 seconds

In this case, as you can see, nmap also gives me the MAC address of each machine. 192.168.2.5 is the machine I ran the scan from, so I didn’t get any information on that one.

If you want additional details on a system, you can issue the following command to get nmap to try to identify the OS and the services running on it in detail.

nmap -A 192.168.2.5

It gives an output that looks something like:

Wyrm:~# nmap -A 192.168.2.5
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-19 23:52 IST
Interesting ports on 192.168.2.5:
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.1p1 Debian 8 (protocol 2.0)
| ssh-hostkey: 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx (DSA)
|_ 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx (RSA)
80/tcp open http Apache httpd 2.2.14 ((Debian))
|_ html-title: Index of /
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
631/tcp open ipp CUPS 1.4
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 – 2.6.28
Network Distance: 0 hops
Service Info: OS: Linux

Host script results:
additional information on the server

Hope you also find this useful.

– Suramya
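
Since nmap can be scripted, the rogue-machine check described in this post can be automated. The following is an added example, not part of the original post: it parses ping-scan output in the Nmap 5.00 format shown above and reports hosts whose MAC address is missing from a known-device inventory. The sample scan, the MAC addresses, `KNOWN_DEVICES` and the function names are all constructed for illustration.

```python
import re

# Constructed sample in the Nmap 5.00 ping-scan format shown in the post,
# run as root so MAC lines are present. MAC addresses here are made up.
SAMPLE_SCAN = """\
Host 192.168.2.1 is up (0.0015s latency).
MAC Address: 00:11:22:33:44:01 (Cisco-Linksys)
Host 192.168.2.5 is up.
Host 192.168.2.100 is up (0.011s latency).
MAC Address: 00:11:22:33:44:64 (Intel)
Host 192.168.2.137 is up (0.020s latency).
MAC Address: 00:11:22:33:44:89 (Unknown)
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.00 seconds
"""

# Hypothetical inventory: MAC -> label for every device that belongs on the LAN.
KNOWN_DEVICES = {
    "00:11:22:33:44:01": "router",
    "00:11:22:33:44:64": "laptop",
}

HOST_RE = re.compile(r"^Host (\d{1,3}(?:\.\d{1,3}){3}) is up")
MAC_RE = re.compile(
    r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((.*)\))?")

def parse_ping_scan(text):
    """Return [{'ip', 'mac', 'vendor'}] for each host reported as up."""
    hosts = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts.append({"ip": m.group(1), "mac": None, "vendor": None})
            continue
        m = MAC_RE.match(line)
        if m and hosts:
            # A MAC line always follows the host line it belongs to.
            hosts[-1]["mac"] = m.group(1).upper()
            hosts[-1]["vendor"] = m.group(2)
    return hosts

def find_unknown(hosts, known, scanner_ip):
    """Hosts not in the inventory; the scanning machine itself has no MAC line."""
    return [h for h in hosts
            if h["ip"] != scanner_ip and h["mac"] not in known]

if __name__ == "__main__":
    scan = parse_ping_scan(SAMPLE_SCAN)
    for h in find_unknown(scan, KNOWN_DEVICES, "192.168.2.5"):
        print("not in inventory:", h["ip"], h["mac"], h["vendor"])
```

A host that is up but has no MAC line (other than the scanning machine) is also reported, which is what happens when the scan is run as a normal user.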

March 23, 2007

Programs that detect/monitor File alteration

Filed under: Knowledgebase,Security Tools — Suramya @ 5:56 PM

The following is a list of programs that detect/monitor file changes on both *nix/Windows:

Good article on how to do a File Integrity Assessment and how to securely use AIDE.

– Suramya

July 31, 2006

ScatterChat: A secure instant messaging client.

Filed under: Computer Security,My Thoughts,Security Tools — Suramya @ 5:15 PM

Now this is a cool piece of software. It allows a user to encrypt all communications using end-to-end encryption and routing based on Tor (Tor Overview).

The program is a ‘friendly’ fork of the Gaim project. In case you are wondering what a fork is, a project fork or branch happens when a developer (or a group of them) takes a copy of source code from one software package and starts to independently develop a new package.

The software itself is pretty cool, but it’s likely to come under heavy fire from various govt and ‘spy’ agencies because the design of the software makes it really hard for anyone to eavesdrop on anyone. They will claim that this will allow terrorists and child pornographers to communicate anonymously.

It might be used by a terrorist, but then so can a car (used as a getaway vehicle), a cell phone (used as a communication tool), a watch (to sync timed attacks)… does this mean all of them should be banned as well? Any technology developed can be used for good as well as bad purposes, starting with fire all the way up to a nuclear reaction. Now that the genie is out of the bottle you can’t stuff it back in.

I think it will be useful for all sorts of people including:

Spies, to let them communicate with the home office, report anonymously
Corporate whistle blowers: they can report wrongs/broken laws without getting into trouble
People behind the Great Firewall of China, where you can be arrested for disagreeing with the government.

Check out the software: ScatterChat

Thanks to Schneier on Security for the link.

– Suramya

PS: I haven’t tried the software yet so don’t know how stable it is. Though I will be installing it shortly so will let you know how it goes.

November 2, 2005

Network monitoring with Cacti

Filed under: Computer Software,Security Tools — Suramya @ 9:04 PM

Interesting software to try out for network monitoring. Hopefully it will be simpler to use/setup than some of the other software I have tried earlier.

Network monitoring with Cacti

October 11, 2005

Protecting Files at Home Using Encrypted Containers

Filed under: Security Tools,Security Tutorials — Suramya @ 9:05 PM

This is an awesome article on how to create Encrypted Containers, which make it easy to create encrypted backup locations that can be copied to other systems without hassle and are simple to use.

Protecting Files at Home Using Encrypted Containers

May 25, 2005

Tools for configuring iptables

Filed under: Computer Security,Security Tools,Security Tutorials — Suramya @ 8:20 PM

Configuring firewalls is not easy if you don’t know what you are doing, and most of us don’t have the time or the patience to spend hours figuring out internet security. But having a badly configured firewall is worse than having no firewall ’cause it gives you a false sense of security.

Thankfully there are tools out there that allow you to configure a decent firewall without needing a degree in rocket science. Chris Lynch has written an article on Newsforge which looks at Three tools to help you configure iptables.

Check it out.

- Suramya

May 11, 2005

Tools to display Folder Permissions in Windows

Filed under: Security Tools — Suramya @ 3:19 AM

Tools that will display group and user permissions on a set of folders:

Hyena

AccessEnum

xcacls

DumpSec

Scriptlogic

- Suramya

May 8, 2005

Monitor Per protocol/port bandwidth usage

Filed under: Security Tools — Suramya @ 4:16 AM

These programs will generate per-protocol/port bandwidth usage information on a given server:

flowscan

www.ntop.org

- Suramya

May 7, 2005

How to log shell sessions?

Filed under: Security Tools — Suramya @ 4:11 AM

Use a program called script; it makes a typescript of the terminal session, meaning it logs everything printed on your terminal. Use `man script` to get more information about it.

- Suramya

How to see which programs are opening ports

Filed under: Computer Security,Security Tools — Suramya @ 4:02 AM

These tools will help you identify which programs are opening what ports on the system.

1. lsof | grep 'IPv.'

lsof shows the list of open files; piping it through grep and searching for IPv gives you the list of ports each program is using. To look at a single port, use:

lsof -i TCP:<PORT>

where PORT is the port whose owning program you want to identify.

2. netstat -anp

Should display open ports, machines connected to the ports as well as which application has that port open.

If you know of any other ways let me know.

- Suramya
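
The port-to-program mapping from `netstat -anp` can also be checked automatically. The following is an added example, not part of the original post: it extracts TCP listeners from Linux `netstat -anp` output and goes one step beyond the post by flagging network-reachable listeners that are missing from an expected list. The sample output, the `EXPECTED` allowlist and the function names are constructed, and the sample assumes netstat was run as root so the PID/Program name column is filled in.

```python
# Constructed sample of Linux `netstat -anp` output; PIDs and programs are made up.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1204/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      987/cupsd
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      4410/python
tcp        0      0 192.168.2.5:22          192.168.2.100:51514     ESTABLISHED 4398/sshd: user
tcp6       0      0 :::80                   :::*                    LISTEN      2345/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           654/dhclient
"""

# Hypothetical allowlist of (port, program) pairs this machine should expose.
EXPECTED = {(22, "sshd"), (80, "apache2")}

def listening_sockets(text):
    """Return one dict per TCP socket in LISTEN state."""
    rows = []
    for line in text.splitlines():
        # Seven columns at most; the last one may itself contain spaces.
        f = line.split(None, 6)
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # rpartition splits on the last colon, so ":::80" gives ("::", "80").
        addr, _, port = f[3].rpartition(":")
        pid, _, program = f[6].strip().partition("/")
        rows.append({"proto": f[0], "addr": addr, "port": int(port),
                     "pid": pid, "program": program})
    return rows

def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")

def unexpected_listeners(rows, expected):
    """Listeners reachable from the network whose (port, program) is not expected."""
    return [r for r in rows
            if not is_loopback(r["addr"])
            and (r["port"], r["program"]) not in expected]

if __name__ == "__main__":
    for r in unexpected_listeners(listening_sockets(SAMPLE_NETSTAT), EXPECTED):
        print("unexpected listener:", r["addr"], r["port"], r["pid"], r["program"])
```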
