[c-nsp] find window's machine from Cisco Router

Church, Charles Charles.Church at harris.com
Sat Feb 6 10:03:30 EST 2010


Sorry, meant to send this yesterday, had some email issues....

Why not enable netflow on the router, and see who's using what ports?  If
you can capture enough source and destination port info, you can compare
that to the 'fingerprint' type stuff that NMAP does and make some educated
guesses.  But NMAP from a remote machine will be far easier.  Just make sure
you own all the gear between the NMAP machine and the end hosts, since any
ISP filtering might throw off the results.

Chuck 
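The port comparison suggested above, sketched as an added example (not code from this post or the list). It scores each inside host by the well-known ports it sends from in exported flow records and returns only an educated guess. The hint table, weights, flow tuple layout and addresses are constructed assumptions; UDP 137/138 is the NetBIOS range matched by the access list quoted further down.

```python
import ipaddress
from collections import defaultdict

# Assumed heuristics (not an Nmap database): ports a host *sends from*,
# i.e. services it runs or broadcasts it emits, mapped to (guess, weight).
HINTS = {
    ("udp", 137): ("windows", 2), ("udp", 138): ("windows", 2),
    ("tcp", 445): ("windows", 1), ("tcp", 3389): ("windows", 2),
    ("tcp", 22): ("linux", 2), ("tcp", 111): ("linux", 1),
}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto)
FLOWS = [
    ("192.168.1.10", 137, "192.168.1.255", 137, "udp"),
    ("192.168.1.10", 137, "192.168.1.255", 137, "udp"),   # repeat, counted once
    ("192.168.1.10", 138, "192.168.1.255", 138, "udp"),
    ("192.168.1.11", 22, "192.168.1.50", 51234, "tcp"),   # host answers on SSH
    ("192.168.1.12", 49152, "192.168.1.10", 445, "tcp"),  # client side only
    ("192.168.1.13", 137, "192.168.1.255", 137, "udp"),   # e.g. Samba on Linux
    ("192.168.1.13", 22, "192.168.1.50", 51300, "tcp"),
    ("203.0.113.5", 445, "192.168.1.10", 50000, "tcp"),   # outside, ignored
]

def guess_os(flows, inside="192.168.1.0/24", min_score=2):
    """Return {host: 'windows' | 'linux' | 'unknown'} for inside hosts."""
    net = ipaddress.ip_network(inside)
    scores = defaultdict(lambda: defaultdict(int))
    counted = set()
    for src, sport, _dst, _dport, proto in flows:
        if ipaddress.ip_address(src) not in net:
            continue
        host = scores[src]                     # register host even without hints
        hint = HINTS.get((proto, sport))
        if hint and (src, proto, sport) not in counted:
            counted.add((src, proto, sport))   # a chatty host gains no extra weight
            host[hint[0]] += hint[1]
    verdicts = {}
    for src, s in scores.items():
        win, lin = s["windows"], s["linux"]
        if max(win, lin) < min_score or win == lin:
            verdicts[src] = "unknown"          # too little or conflicting evidence
        else:
            verdicts[src] = "windows" if win > lin else "linux"
    return verdicts

if __name__ == "__main__":
    for host, guess in sorted(guess_os(FLOWS).items()):
        print(host, guess)
```

Hosts with conflicting or client-only evidence come back as `unknown`, which is the cue to confirm with an active scan or a look at the machine.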

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Smales, Robert
Sent: Friday, February 05, 2010 12:39 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] find window's machine from Cisco Router


You can't identify the OS from a MAC address. MAC addresses are assigned by
whoever made the Ethernet chip; the Linux boxes could have cards from the
same manufacturer as the Windows boxes - I've got two home-built PCs,
identical hardware, one runs Windows 7, the other Debian Etch, you couldn't
tell them apart by their MAC addresses.

If there are only 7 devices on the OP's network, wouldn't it be simpler to
walk round the room to see what was what?

Robert
Robert Smales                                                
Technical Engineer
Cable&Wireless Worldwide
www.cw.com                              


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of John 
> P. Schneider
> Sent: 05 February 2010 14:36
> To: 'vijay gore'; Brian Turnbow
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] find window's machine from Cisco Router
> 
> 
> Maybe I'm oversimplifying this but can't you just compare
> the MAC addresses? If you only have 7 machines it would not
> take very long.
> 
> 
> Thank You,
> John Schneider
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of vijay gore
> Sent: Friday, February 05, 2010 4:39 AM
> To: Brian Turnbow
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] find window's machine from Cisco Router
> 
> No sir.
> 
> it's not working,
> 
> Actually sir, in this router there are 7 PCs connected;
> some PCs have Linux OS & some PCs have Windows OS. Now I
> want to know which machine has Linux OS & which machine
> has Windows OS.
>
> Please help me out with this, sir.
> On Fri, Feb 5, 2010 at 3:57 PM, Brian Turnbow 
> <b.turnbow at twt.it> wrote:
> 
> > it looks like you have logging enabled for warnings only
> >
> > try
> > logging buffered debugging
> >
> >
> > another alternative if the first does not log, is to do a debug ip
> > packet using an access list that matches only netbios.
> > this could be more processor intensive.....
> > first create
> > access-list 102 permit udp any any range 137 138
> > then
> > debug ip packet 102
> > when done don't forget
> > undebug all
> >
> >
> >
> >
> > Brian
> >
> > ------------------------------
> >  *From:* vijay gore [mailto:vijaygore27 at gmail.com]
> > *Sent:* Friday 5 February 2010 10.57
> > *To:* Brian Turnbow
> >
> > *Cc:* cisco-nsp at puck.nether.net
> > *Subject:* Re: [c-nsp] find window's machine from Cisco Router
> >
> >    Dear Sir,
> >
> >
> >
> > it's giving me below output, it's not showing net bios packet users,
> >
> > Router#sho log
> > Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
> >                 0 flushes, 0 overruns, xml disabled, filtering disabled)
> > No Active Message Discriminator.
> >
> > No Inactive Message Discriminator.
> >
> >     Console logging: level debugging, 40 messages logged, xml disabled,
> >                      filtering disabled
> >     Monitor logging: level debugging, 0 messages logged, xml disabled,
> >                      filtering disabled
> >     Buffer logging:  level warnings, 10 messages logged, xml disabled,
> >                      filtering disabled
> >     Logging Exception size (4096 bytes)
> >     Count and timestamp logging messages: disabled
> >     Persistent logging: disabled
> > No active filter modules.
> > ESM: 0 messages dropped
> >     Trap logging: level informational, 43 message lines logged
> > Log Buffer (51200 bytes):
> > *Oct  1 15:38:06.639: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
> > *Oct  1 15:38:06.639: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up
> > *Oct  1 15:38:12.823: %LINK-3-UPDOWN: Interface FastEthernet9, changed state to up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface FastEthernet8, changed state to up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface FastEthernet7, changed state to up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface FastEthernet6, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet5, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to up
> >
> >
> >
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
