[SATLUG] I need help snooping

Curt Bryson (GMail) curt.bryson at gmail.com
Tue Jul 31 17:30:51 CDT 2007


Sounds, obviously, like this is work-related.

If so:

Regardless of whether nmap, queso, or even manual techniques (like
telnet banner capturing) are used, I'd highly recommend (this is
experience speaking) you scan only during maintenance windows with a
recovery plan, and then only after testing the tool "...against a safe,
colorsafe area..."

Even the simplest scan (say 443 cert query) can tip over some of the
industry's leading solutions if they are not suspecting it, or if the
application stack using the solutions wasn't designed to deal with
anomalous traffic so well.

Point is simply: don't think this is a low-risk endeavor if it's being
done on prod subnets.

And yes, nmap is a good tool to get a rough guesstimate based upon OS
signature... but then again, a simple automated banner capture would do
what you are wanting to do.



On Tue, 2007-07-31 at 13:30 -0500, Brad Knowles wrote:
> Try nmap.
> 
> --  
> Brad Knowles <brad at shub-Internet.org>
> 
> Sent from my iPhone
> 
> On Jul 31, 2007, at 12:15 PM, twistedpickles  
> <twistedpickles at gmail.com> wrote:
> 
> > I have a list of IP addresses and I need to find out what devices
> > are attached to the IPs. I know there is a tool I can use to
> > determine this but I can't remember what it is.
> >
> > I just need to identify devices such as this is a windows box, or  
> > this is the linux box, and this is a cisco device.
> >
> >
> >
> > ::twistedpickles :: :
> > Message sent from Mobile Handset
> >
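
Added example (not part of the original thread or written by its participants): an offline classifier for the kind of banner evidence the reply mentions, sorting already-captured service banners into the Windows, Linux and Cisco buckets the question asks about. The rule patterns, function names and sample banners are assumptions constructed for illustration; it makes no network connections.

```python
import re

# Ordered (label, pattern) rules; first match wins. These are heuristics only:
# an administrator can change or suppress a banner, so treat results as hints.
RULES = [
    ("cisco",   re.compile(r"User Access Verification|Cisco", re.I)),
    ("windows", re.compile(r"Microsoft|Windows|IIS", re.I)),
    ("linux",   re.compile(r"Ubuntu|Debian|Red Hat|CentOS|Linux", re.I)),
]

def classify_banner(banner):
    """Return 'cisco', 'windows', 'linux' or 'unknown' for one banner string."""
    # Drop control characters (e.g. leftovers of telnet negotiation) first.
    text = "".join(ch for ch in banner if ch.isprintable() or ch in "\r\n\t")
    for label, pattern in RULES:
        if pattern.search(text):
            return label
    return "unknown"

def classify_inventory(banners_by_ip):
    """Combine every banner recorded per address and flag conflicting evidence."""
    result = {}
    for ip, banners in banners_by_ip.items():
        labels = {classify_banner(b) for b in banners} - {"unknown"}
        if not labels:
            result[ip] = "unknown"          # nothing identifying was seen
        elif len(labels) == 1:
            result[ip] = labels.pop()
        else:
            # Disagreeing banners (NAT, proxy, load balancer): needs a human.
            result[ip] = "conflict:" + ",".join(sorted(labels))
    return result

# Constructed sample banners keyed by documentation addresses (RFC 5737).
SAMPLE = {
    "192.0.2.10": ["SSH-2.0-OpenSSH_4.3p2 Debian-9"],
    "192.0.2.11": ["HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"],
    "192.0.2.12": ["\xff\xfb\x01\r\nUser Access Verification\r\n\r\nPassword: "],
    "192.0.2.13": ["SSH-2.0-OpenSSH_4.3"],
    "192.0.2.14": ["Server: Microsoft-IIS/6.0", "SSH-2.0-OpenSSH_4.3p2 Debian-9"],
}

if __name__ == "__main__":
    for ip, kind in sorted(classify_inventory(SAMPLE).items()):
        print(ip, kind)
```
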


