The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,318 other followers

Archive for the ‘nmap’ Category

Thread by @b0rk: “nmap i haven’t used nmap much except to scan my home network for fun so if i missed something really important i’d love to know! […]”

Posted by jpluimers on 2021/02/05

[WayBack] Thread by @b0rk: “nmap i haven’t used nmap much except to scan my home network for fun so if i missed something really important i’d love to know! […]”


i haven’t used nmap much except to scan my home network for fun so if i missed something really important i’d love to know!

also i need to find space in there somewhere for “if you don’t run nmap as root it can’t send icmp (ping) packets, it’s better to run nmap as root”

also be careful when nmapping in a network you don’t administer! it’s a popular hacking tool so using nmap is often discouraged / banned. i made all of the examples in this comic “nmap scanme.nmap.org” and “nmap your home network” for a reason :)

There are are quite a few interesting comments on the thread:

And it taught me about scanme.nmap.org: [WayBack] Go ahead and ScanMe!

Hello, and welcome to Scanme.Nmap.Org, a service provided by the Nmap Security Scanner Project and Insecure.Org.

We set up this machine to help folks learn about Nmap and also to test and make sure that their Nmap installation (or Internet connection) is working properly. You are authorized to scan this machine with Nmap or other port scanners. Try not to hammer on the server too hard. A few scans in a day is fine, but dont scan 100 times a day or use this site to test your ssh brute-force password cracking tool.

Thanks
Fyodor

–jeroen

Read the rest of this entry »

Posted in *nix, *nix-tools, nmap, Power User | Leave a Comment »

56 Linux Networking commands and scripts

Posted by jpluimers on 2021/01/25

Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.

An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.

Source: [WayBack55 Linux Networking commands and scripts

List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):

  1. arpwatch – Ethernet Activity Monitor.
  2. bmon – bandwidth monitor and rate estimator.
  3. bwm-ng – live network bandwidth monitor.
  4. curl – transferring data with URLs. (or try httpie)
  5. darkstat – captures network traffic, usage statistics.
  6. dhclient – Dynamic Host Configuration Protocol Client
  7. dig – query DNS servers for information.
  8. dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
  9. ethtool – utility for controlling network drivers and hardware.
  10. gated – gateway routing daemon.
  11. host – DNS lookup utility.
  12. hping – TCP/IP packet assembler/analyzer.
  13. ibmonitor – shows bandwidth and total data transferred.
  14. ifstat –  report network interfaces bandwidth.
  15. iftop – display bandwidth usage.
  16. ip (PDF file) – a command with more features that ifconfig (net-tools).
  17. iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
  18. iproute2 – collection of utilities for controlling TCP/IP.
  19. iptables – take control of network traffic.
  20. IPTraf – An IP Network Monitor.
  21. iputils – set of small useful utilities for Linux networking.
  22. jwhois (whois) – client for the whois service.
  23. “lsof -i” – reveal information about your network sockets.
  24. mtr – network diagnostic tool.
  25. net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
  26. ncat – improved re-implementation of the venerable netcat.
  27. netcat – networking utility for reading/writing network connections.
  28. nethogs – a small ‘net top’ tool.
  29. Netperf – Network bandwidth Testing.
  30. netsniff-ng – Swiss army knife for daily Linux network plumbing.
  31. netstat – Print network connections, routing tables, statistics, etc.
  32. netwatch – monitoring Network Connections.
  33. ngrep – grep applied to the network layer.
  34. nload – display network usage.
  35. nmap – network discovery and security auditing.
  36. nslookup – query Internet name servers interactively.
  37. ping – send icmp echo_request to network hosts.
  38. route – show / manipulate the IP routing table.
  39. slurm – network load monitor.
  40. snort – Network Intrusion Detection and Prevention System.
  41. smokeping –  keeps track of your network latency.
  42. socat – establishes two bidirectional byte streams and transfers data between them.
  43. speedometer – Measure and display the rate of data across a network.
  44. speedtest-cli – test internet bandwidth using speedtest.net
  45. ss – utility to investigate sockets.
  46. ssh –  secure system administration and file transfers over insecure networks.
  47. tcpdump – command-line packet analyzer.
  48. tcptrack – Displays information about tcp connections on a network interface.
  49. telnet – user interface to the TELNET protocol.
  50. tracepath – very similar function to traceroute.
  51. traceroute – print the route packets trace to network host.
  52. vnStat – network traffic monitor.
  53. wget –  retrieving files using HTTP, HTTPS, FTP and FTPS.
  54. Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
  55. Wireshark – network protocol analyzer.

Via:

–jeroen

Posted in *nix, *nix-tools, cURL, dig, nmap, Power User, ssh/sshd, tcpdump, Wireshark | Leave a Comment »

Workaround for “Nmap 7.8 Assertion failed: htn.toclock_running == true” · Issue #1764 · nmap/nmap · GitHub

Posted by jpluimers on 2020/03/27

I got this on Windows 10, 8.1 and 7, MacOS and Linux:

C:\bin>nmap -sn 192.168.71.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-24 13:44 W. Europe Standard Time
Assertion failed: htn.toclock_running == true, file ..\Target.cc, line 503

Luckily [WayBack] Nmap 7.8 Assertion failed: htn.toclock_running == true · Issue #1764 · nmap/nmap · GitHub has a solution: add the --max-parallelism 100 parameter:

C:\bin>nmap -sn --max-parallelism 100 192.168.71.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-24 13:48 W. Europe Standard Time
Nmap scan report for 192.168.71.1
...
Host is up.
Nmap done: 256 IP addresses (50 hosts up) scanned in 54.07 seconds

The other workaround is to have at least one ARP request succeed.

Via [WayBack] “Assertion failed: htn.toclock_running == true, file ..\Target.cc, line 503” – Google Search

–jeroen

Posted in *nix, *nix-tools, nmap, Power User | Leave a Comment »

CitiZen nmap output

Posted by jpluimers on 2019/06/14

CitiZen nmap output: beagleboard with these open ports:

  • 22 – ssh
  • 80 – http
  • 81 – unknown
  • 1883 – mqtt
  • 35505 – http

–jeroen

Posted in *nix, *nix-tools, nmap, Power User | Leave a Comment »

ScanSnap ix100 open ports

Posted by jpluimers on 2019/01/25

For my archive: the open ports on the ix100 WiFi connection:

# sudo nmap -O -v -A -p- -Pn 192.168.0.1
Password:

Starting Nmap 7.50 ( https://nmap.org ) at 2017-08-01 17:40 CEST
NSE: Loaded 144 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:40
Completed NSE at 17:40, 0.00s elapsed
Initiating NSE at 17:40
Completed NSE at 17:40, 0.00s elapsed
Initiating ARP Ping Scan at 17:40
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:40, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:40
Completed Parallel DNS resolution of 1 host. at 17:40, 0.03s elapsed
Initiating SYN Stealth Scan at 17:40
Scanning 192.168.0.1 [65535 ports]
Discovered open port 53218/tcp on 192.168.0.1
Discovered open port 53219/tcp on 192.168.0.1
Completed SYN Stealth Scan at 17:40, 51.05s elapsed (65535 total ports)
Initiating Service scan at 17:40
Scanning 2 services on 192.168.0.1
Service scan Timing: About 50.00% done; ETC: 17:41 (0:00:32 remaining)
Completed Service scan at 17:41, 31.85s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 17:41
Completed NSE at 17:41, 0.04s elapsed
Initiating NSE at 17:41
Completed NSE at 17:41, 0.02s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.0037s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE VERSION
53218/tcp open  unknown
| fingerprint-strings: 
|   DNSStatusRequest, DNSVersionBindReq, GenericLines, LPDString, NULL, WMSRequest, afp, oracle-tns: 
|_    VENS
53219/tcp open  unknown
| fingerprint-strings: 
|   DNSStatusRequest, DNSVersionBindReq, GenericLines, LPDString, NULL, WMSRequest, afp, oracle-tns: 
|_    VENS
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port53218-TCP:V=7.50%I=7%D=8/1%Time=5980A106%P=x86_64-apple-darwin16.6.
SF:0%r(NULL,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0")%r(GenericLines,10,"\0\0\0
SF:\x10VENS\0\0\0\0\0\0\0\0")%r(DNSVersionBindReq,10,"\0\0\0\x10VENS\0\0\0
SF:\0\0\0\0\0")%r(DNSStatusRequest,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0")%r(
SF:LPDString,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0")%r(WMSRequest,10,"\0\0\0\
SF:x10VENS\0\0\0\0\0\0\0\0")%r(oracle-tns,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0
SF:\0")%r(afp,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port53219-TCP:V=7.50%I=7%D=8/1%Time=5980A106%P=x86_64-apple-darwin16.6.
SF:0%r(NULL,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0")%r(GenericLines,10,"\0\0\0
SF:\x10VENS\0\0\0\0\0\0\0\0")%r(DNSVersionBindReq,10,"\0\0\0\x10VENS\0\0\0
SF:\0\0\0\0\0")%r(DNSStatusRequest,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0")%r(
SF:LPDString,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0")%r(WMSRequest,10,"\0\0\0\
SF:x10VENS\0\0\0\0\0\0\0\0")%r(oracle-tns,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0
SF:\0")%r(afp,10,"\0\0\0\x10VENS\0\0\0\0\0\0\0\0");
MAC Address: 84:25:3F:25:7F:21 (silex technology)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.17 - 2.6.36
Uptime guess: 248.550 days (since Sat Nov 26 03:30:04 2016)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=199 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   3.66 ms 192.168.0.1

NSE: Script Post-scanning.
Initiating NSE at 17:41
Completed NSE at 17:41, 0.00s elapsed
Initiating NSE at 17:41
Completed NSE at 17:41, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 85.09 seconds
           Raw packets sent: 65856 (2.898MB) | Rcvd: 65608 (2.625MB)

The nmap is aliased as nmap-fingerprint_host_all-ports-even-if-ping-fails

–jeroen

Posted in *nix, *nix-tools, Fujitsu ScanSnap, ix100, nmap, Power User, Scanners | Leave a Comment »

 
<span>%d</span> bloggers like this: