Sorry, meant to send this yesterday, had some email issues....

Why not enable netflow on the router, and see who's using what ports?  If
you can capture enough source and destination port info, you can compare
that to the 'fingerprint' type stuff that NMAP does and make some educated
guesses.  But NMAP from a remote machine will be far easier.  Just make sure
you own all the gear between the NMAP machine and the end hosts, since any
ISP filtering might throw off the results.

Chuck 
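
An added example, not part of Chuck's message or the thread: one way to turn exported flow records into the "educated guesses" described above. The CSV layout, the port weights and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# (proto, source port) -> (OS family, weight). Weights are assumed for this
# example; a host scores a port when it sends FROM it (server or broadcast).
HINTS = {
    ("udp", 137): ("windows", 2),   # NetBIOS name service
    ("udp", 138): ("windows", 2),   # NetBIOS datagram service
    ("tcp", 139): ("windows", 1),   # NetBIOS session (Samba listens here too)
    ("tcp", 445): ("windows", 1),   # SMB (Samba listens here too)
    ("tcp", 3389): ("windows", 3),  # RDP
    ("tcp", 22): ("unix", 3),       # SSH daemon
}

# Constructed flow export: src_ip,src_port,dst_ip,dst_port,proto
SAMPLE_FLOWS = """\
192.168.1.10,137,192.168.1.255,137,udp
192.168.1.10,138,192.168.1.255,138,udp
192.168.1.10,3389,192.168.1.50,51515,tcp
192.168.1.11,22,192.168.1.50,40222,tcp
192.168.1.11,445,192.168.1.10,49160,tcp
192.168.1.12,52100,203.0.113.7,443,tcp
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, proto); skip lines that are not 5 fields."""
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) == 5:
            src, sport, dst, dport, proto = fields
            yield src, int(sport), dst, int(dport), proto.lower()

def guess_os(flows, lan="192.168.1.0/24", margin=2):
    """Return {host: verdict}; 'unknown' unless one family leads by `margin`."""
    net = ipaddress.ip_network(lan)
    seen = defaultdict(set)              # host -> {(proto, sport)}, de-duplicated
    for src, sport, _dst, _dport, proto in flows:
        if ipaddress.ip_address(src) in net:
            seen[src].add((proto, sport))
    verdicts = {}
    for host, ports in seen.items():
        score = {"windows": 0, "unix": 0}
        for family, weight in (HINTS[p] for p in ports if p in HINTS):
            score[family] += weight
        lead = score["windows"] - score["unix"]
        verdicts[host] = ("windows-like" if lead >= margin
                          else "unix-like" if -lead >= margin else "unknown")
    return verdicts

if __name__ == "__main__":
    print(guess_os(parse_flows(SAMPLE_FLOWS)))
```

In the sample, 192.168.1.11 answers on TCP 445 like a Samba server but still lands as unix-like because of its SSH daemon, and 192.168.1.12, which only makes outbound client connections, stays unknown.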

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Smales, Robert
Sent: Friday, February 05, 2010 12:39 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] find window's machine from Cisco Router


You can't identify the OS from a MAC address. MAC addresses are assigned by
whoever made the Ethernet chip, so the Linux boxes could have cards from the
same manufacturer as the Windows boxes. I've got two home-built PCs with
identical hardware; one runs Windows 7, the other Debian Etch, and you couldn't
tell them apart by their MAC addresses.

If there are only 7 devices on the OP's network, wouldn't it be simpler to
walk round the room to see what was what?

Robert
Robert Smales                                                
Technical Engineer
Cable&Wireless Worldwide
www.cw.com                              


> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun...@puck.nether.net]on Behalf Of John 
> P. Schneider
> Sent: 05 February 2010 14:36
> To: 'vijay gore'; Brian Turnbow
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] find window's machine from Cisco Router
> 
> 
> Maybe I'm oversimplifying this but can't you just compare 
> the MAC addresses? If you only have 7 machines it would not 
> take very long. 
> 
> 
> Thank You,
> John Schneider
> 
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net 
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of vijay gore
> Sent: Friday, February 05, 2010 4:39 AM
> To: Brian Turnbow
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] find window's machine from Cisco Router
> 
> No sir.
> 
> It's not working.
> 
> Actually sir, there are 7 PCs connected to this router. 
> Some PCs have Linux OS and some PCs have Windows OS. Now I 
> want to know which machines have Linux OS and which machines 
> have Windows OS.
> 
> Please help me out with this, sir.
> On Fri, Feb 5, 2010 at 3:57 PM, Brian Turnbow 
> <b.turn...@twt.it> wrote:
> 
> >  it looks like you have logging enabled for warnings only
> >
> > try
> > logging buffered debugging
> >
> >
> > another alternative if the first does not log, is to do a debug ip 
> > packet using an access list that matches only netbios.
> > this could be more processor intensive.....
> > first create
> > access-list 102 permit udp any any range 137 138
> > then
> > debug ip packet 102
> > when done don't forget
> > undebug all
> >
> >
> >
> >
> > Brian
> >
> > ------------------------------
> >  *From:* vijay gore [mailto:vijaygor...@gmail.com]
> > *Sent:* venerdì 5 febbraio 2010 10.57
> > *To:* Brian Turnbow
> >
> > *Cc:* cisco-nsp@puck.nether.net
> > *Subject:* Re: [c-nsp] find window's machine from Cisco Router
> >
> >    Dear Sir,
> >
> >
> >
> > It's giving me the output below; it's not showing NetBIOS packet users.
> >
> > Router#sho log
> > Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
> >                 0 flushes, 0 overruns, xml disabled, filtering disabled)
> > No Active Message Discriminator.
> >
> > No Inactive Message Discriminator.
> >
> >     Console logging: level debugging, 40 messages logged, xml disabled,
> >                      filtering disabled
> >     Monitor logging: level debugging, 0 messages logged, xml disabled,
> >                      filtering disabled
> >     Buffer logging:  level warnings, 10 messages logged, xml disabled,
> >                      filtering disabled
> >     Logging Exception size (4096 bytes)
> >     Count and timestamp logging messages: disabled
> >     Persistent logging: disabled
> > No active filter modules.
> > ESM: 0 messages dropped
> >     Trap logging: level informational, 43 message lines logged
> > Log Buffer (51200 bytes):
> > *Oct  1 15:38:06.639: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
> > *Oct  1 15:38:06.639: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up
> > *Oct  1 15:38:12.823: %LINK-3-UPDOWN: Interface FastEthernet9, changed state to up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface FastEthernet8, changed state to up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface FastEthernet7, changed state to up
> > *Oct  1 15:38:12.827: %LINK-3-UPDOWN: Interface FastEthernet6, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet5, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to up
> > *Oct  1 15:38:12.831: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to up
> >
> >
> >
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
