[c-nsp] find window's machine from Cisco Router

Jason Shearer jshearer at amedisys.com
Fri Feb 5 13:42:41 EST 2010 

As a previous poster recommended NMAP is going to be your best bet for fingerprinting the OS.  There are ways to obfuscate the stack and trick NMAP but it will get stock machines most of the time.

Jason

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Smales, Robert
Sent: Friday, February 05, 2010 11:39 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] find window's machine from Cisco Router

You can't identify the OS from a MAC address, MAC addresses are assigned by whoever made the Ethernet chip, the Linux boxes could have cards from the same manufacturer as the Windows boxes - I've got two home-built PCs, identical hardware, one runs Windows 7, the other Debian Etch, you couldn't tell them apart by their MAC addresses.

If there are only 7 devices on the OPs network, wouldn't it be simpler to walk round the room to see what was what?

Robert
Robert Smales
Technical Engineer
Cable&Wireless Worldwide
www.cw.com


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of John
> P. Schneider
> Sent: 05 February 2010 14:36
> To: 'vijay gore'; Brian Turnbow
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] find window's machine from Cisco Router
>
>
> Maybe I'm over simplifying this but can't you just compare
> the MAC addresses? If you only have 7 machines it would not
> take very long.
>
>
> Thank You,
> John Schneider
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of vijay gore
> Sent: Friday, February 05, 2010 4:39 AM
> To: Brian Turnbow
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] find window's machine from Cisco Router
>
> No sir.
>
> it's not working,
>
>  actually sir, in this router there are 7 PC's connected,
> some PC having Linux OS & some PC's having Windows OS, now i
> want to know which machine having Linux OS & which machine
> having Windows OS.
>
> please help me out this sir
> On Fri, Feb 5, 2010 at 3:57 PM, Brian Turnbow
> <b.turnbow at twt.it> wrote:
>
> >  it looks like you have loggin enabled for warings only
> >
> > try
> > logging buffered debugging
> >
> >
> > another alternative if the first does not log, is to do a debug ip
> > packet using an access list that matches only netbios.
> > this could be more processor intensive.....
> > first create
> > access-list 102 permit udp any any range 137 138 then debug
> ip packet
> > 102 when done don't forget undebug all
> >
> >
> >
> >
> > Brian
> >
> > ------------------------------
> >  *From:* vijay gore [mailto:vijaygore27 at gmail.com]
> > *Sent:* venerdì 5 febbraio 2010 10.57
> > *To:* Brian Turnbow
> >
> > *Cc:* cisco-nsp at puck.nether.net
> > *Subject:* Re: [c-nsp] find window's machine from Cisco Router
> >
> >    Dear Sir,
> >
> >
> >
> > it's giving me below output, it's not showing net bios packet users,
> >
> > Router#sho log
> > Syslog logging: enabled (1 messages dropped, 0 messages
> rate-limited,
> >                 0 flushes, 0 overruns, xml disabled,
> filtering disabled)
> > No Active Message Discriminator.
> >
> > No Inactive Message Discriminator.
> >
> >     Console logging: level debugging, 40 messages logged,
> xml disabled,
> >                      filtering disabled
> >     Monitor logging: level debugging, 0 messages logged,
> xml disabled,
> >                      filtering disabled
> >     Buffer logging:  level warnings, 10 messages logged,
> xml disabled,
> >                      filtering disabled
> >     Logging Exception size (4096 bytes)
> >     Count and timestamp logging messages: disabled
> >     Persistent logging: disabled
> > No active filter modules.
> > ESM: 0 messages dropped
> >     Trap logging: level informational, 43 message lines logged
> > Log Buffer (51200 bytes):
> > *Oct  1 15:38:06.639: %LINK-3-UPDOWN: Interface
> FastEthernet0, changed
> > state to
> > up
> > *Oct  1 15:38:06.639: %LINK-3-UPDOWN: Interface
> FastEthernet1, changed
> > state to
> > up
> > *Oct  1 15:38:12.823: %LINK-3-UPDOWN: Interface
> FastEthernet9, changed
> > state to
> > up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface
> FastEthernet8, changed
> > state to
> > up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface
> FastEthernet7, changed
> > state to
> > up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface
> FastEthernet6, changed
> > state to
> > up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface
> FastEthernet5, changed
> > state to
> > up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface
> FastEthernet4, changed
> > state to
> > up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface
> FastEthernet3, changed
> > state to
> > up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface
> FastEthernet2, changed
> > state to
> > up
> >
> >
> >
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

This e-mail has been scanned for viruses by the Cable & Wireless e-mail security system - powered by MessageLabs. For more information on a proactive managed e-mail security service, visit http://www.cw.com/uk/emailprotection/

The information contained in this e-mail is confidential and may also be subject to legal privilege. It is intended only for the recipient(s) named above. If you are not named above as a recipient, you must not read, copy, disclose, forward or otherwise use the information contained in this email. If you have received this e-mail in error, please notify the sender (whose contact details are above) immediately by reply e-mail and delete the message and any attachments without retaining any copies.

Cable and Wireless plc
Registered in England and Wales.Company Number 238525
Registered office: 3rd Floor, 26 Red Lion Square, London WC1R 4HQ
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

*** NOTICE--The attached communication contains privileged and confidential information. If you are not the intended recipient, DO NOT read, copy, or disseminate this communication. Non-intended recipients are hereby placed on notice that any unauthorized disclosure, duplication, distribution, or taking of any action in reliance on the contents of these materials is expressly prohibited. If you have received this communication in error, please delete this information in its entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684. Also, please immediately notify the sender via e-mail that you have received this communication in error. ***

More information about the cisco-nsp mailing list