Re: [gentoo-user] nmap - device name.
On 02/11/2017 02:10 PM, Nils Freydank wrote:
> Hi Thelma and others,
>
> On Fri Feb 10 2017, 18:34:34 CET wrote the...@sys-concept.com:
>> When I scan my local network:
>> nmap -sn 10.10.0.0/24
>>
>> It prints all the devices connected to it but sometimes it prints the
>> device "name" and sometimes it doesn't eg:
>>
>> Nmap scan report for iaxy (10.0.0.108)
>> Host is up (-0.095s latency).
>> MAC Address: 00:0F:D3:00:30:DD (Digium)
>>
>> Nmap scan report for 10.10.0.3
>> Host is up (0.00017s latency).
>> MAC Address: 54:7F:54:76:61:0D (Ingenico)
>>
>> "...for "name" + IP"
>> "...for + IP
>>
>> Where is it taking the "name" from?
>> I would like to assign a label "name" to all devices.
>> --
>> Thelma
>
> I’d say that the name "iaxy" is a hostname resolved via (reverse) DNS; maybe
> there is a DNS server running (or there are entries in /etc/hosts) or it’s
> just zeroconf/bonjour[1], which runs nowadays virtually everywhere.
>
> The other part looks to me like vendor names nmap got from the MAC addresses,
> whose first parts are vendor specific.
>
> A quick search[2] gave me these two results (beside some other ones) which
> seem to confirm my thoughts:
>
> http://superuser.com/questions/702309/how-to-get-device-name-from-scan-like-nmap-on-linux
> http://stackoverflow.com/questions/27817412/why-nmap-sometimes-does-not-show-device-name
>
> [1] https://en.wikipedia.org/wiki/Zero-configuration_networking
> [2] https://duckduckgo.com/?q=nmap+device+names&t=ffab&ia=qa
>
> Hope that helps you :)
>
> PS: What exactly does '-sn' do (or is it just a typo)? My nmap doesn't complain
> when I use it, but the manpage only knows about '-sN' here
> (net-analyzer/nmap-7.40).

-sn: Ping Scan - disable port scan

The only difference between the two networks that I'm aware of is one runs
dd-wrt on Linksys router and the other (with names showing) runs on Asus
NT-R16 router. None of them run DNS server to my knowledge.

--
Thelma

Re: [gentoo-user] nmap - device name.
Hi Thelma and others,

On Fri Feb 10 2017, 18:34:34 CET wrote the...@sys-concept.com:
> When I scan my local network:
> nmap -sn 10.10.0.0/24
>
> It prints all the devices connected to it but sometimes it prints the
> device "name" and sometimes it doesn't eg:
>
> Nmap scan report for iaxy (10.0.0.108)
> Host is up (-0.095s latency).
> MAC Address: 00:0F:D3:00:30:DD (Digium)
>
> Nmap scan report for 10.10.0.3
> Host is up (0.00017s latency).
> MAC Address: 54:7F:54:76:61:0D (Ingenico)
>
> "...for "name" + IP"
> "...for + IP
>
> Where is it taking the "name" from?
> I would like to assign a label "name" to all devices.
> --
> Thelma

I’d say that the name "iaxy" is a hostname resolved via (reverse) DNS; maybe
there is a DNS server running (or there are entries in /etc/hosts) or it’s just
zeroconf/bonjour[1], which runs nowadays virtually everywhere.

The other part looks to me like vendor names nmap got from the MAC addresses,
whose first parts are vendor specific.

A quick search[2] gave me these two results (beside some other ones) which seem
to confirm my thoughts:

http://superuser.com/questions/702309/how-to-get-device-name-from-scan-like-nmap-on-linux
http://stackoverflow.com/questions/27817412/why-nmap-sometimes-does-not-show-device-name

[1] https://en.wikipedia.org/wiki/Zero-configuration_networking
[2] https://duckduckgo.com/?q=nmap+device+names&t=ffab&ia=qa

Hope that helps you :)

PS: What exactly does '-sn' do (or is it just a typo)? My nmap doesn't complain
when I use it, but the manpage only knows about '-sN' here
(net-analyzer/nmap-7.40).

--
Nils Freydank
GnuPG-Key: 0x44594171807206CF @ hkp://keys.gnupg.net
fpr: AA2D 5CC0 0457 297F 6164 3911 4459 4171 8072 06CF

Re: [gentoo-user] nmap - device name.
On 02/11/2017 11:33 AM, Stroller wrote:
>
>> On 11 Feb 2017, at 01:34, the...@sys-concept.com wrote:
>>
>> Nmap scan report for iaxy (10.0.0.108)
>> Nmap scan report for 10.10.0.3
>
> The first thing I would do is look up those IPs myself.
>
> From the host running nmap, I'd first try running nslookup on 10.0.0.108 and
> 10.10.0.3.
>
> Ultimately the question would seem to be whether nmap is getting those names
> through local name resolution, or whether it's some kind of nmap "magic"
> performed during the port-scan.
>
> Stroller.

Yes, the command was run on two different networks: 10.0.0.0 and 10.10.0.0
So it must have something to do with network setup.

--
Thelma

Re: [gentoo-user] nmap - device name.
> On 11 Feb 2017, at 01:34, the...@sys-concept.com wrote:
>
> Nmap scan report for iaxy (10.0.0.108)
> Nmap scan report for 10.10.0.3

The first thing I would do is look up those IPs myself.

From the host running nmap, I'd first try running nslookup on 10.0.0.108 and
10.10.0.3.

Ultimately the question would seem to be whether nmap is getting those names
through local name resolution, or whether it's some kind of nmap "magic"
performed during the port-scan.

Stroller.

Re: [gentoo-user] nmap - device name.
On Sat, Feb 11, 2017 at 1:09 PM, wrote:
> On 02/10/2017 06:34 PM, the...@sys-concept.com wrote:
> > When I scan my local network:
> > nmap -sn 10.10.0.0/24
> >
> > It prints all the devices connected to it but sometimes it prints the
> > device "name" and sometimes it doesn't eg:
> >
> > Nmap scan report for iaxy (10.0.0.108)
> > Host is up (-0.095s latency).
> > MAC Address: 00:0F:D3:00:30:DD (Digium)
> >
> > Nmap scan report for 10.10.0.3
> > Host is up (0.00017s latency).
> > MAC Address: 54:7F:54:76:61:0D (Ingenico)
> >
> > "...for "name" + IP"
> > "...for + IP
> >
> > Where is it taking the "name" from?
> > I would like to assign a label "name" to all devices.
>
> The device name has something to do with network configuration as I
> have two networks, one displays device names, the other doesn't.
> eg. both devices are "audiocodes"
>
> Nmap scan report for 10.10.0.8
> Host is up (0.0010s latency).
> MAC Address: 00:90:8F:1D:FF:F1 (Audio Codes)
>
> Nmap scan report for audiocodes (10.0.0.110)
> Host is up (0.00075s latency).
> MAC Address: 00:90:8F:1D:FF:7F (Audio Codes)
>
>

The first half of MAC addresses is the vendor code (aka organisationally
unique identifier)
https://en.wikipedia.org/wiki/MAC_address

You can look them up and you often see network chipset vendor names like
Intel, Broadcom etc, or in your case "AUDIO CODES LTD."
http://www.macmonster.co.uk/macoui=00908F

Re: [gentoo-user] nmap - device name.
On 02/10/2017 06:34 PM, the...@sys-concept.com wrote:
> When I scan my local network:
> nmap -sn 10.10.0.0/24
>
> It prints all the devices connected to it but sometimes it prints the
> device "name" and sometimes it doesn't eg:
>
> Nmap scan report for iaxy (10.0.0.108)
> Host is up (-0.095s latency).
> MAC Address: 00:0F:D3:00:30:DD (Digium)
>
> Nmap scan report for 10.10.0.3
> Host is up (0.00017s latency).
> MAC Address: 54:7F:54:76:61:0D (Ingenico)
>
> "...for "name" + IP"
> "...for + IP
>
> Where is it taking the "name" from?
> I would like to assign a label "name" to all devices.

The device name has something to do with network configuration as I
have two networks, one displays device names, the other doesn't.
eg. both devices are "audiocodes"

Nmap scan report for 10.10.0.8
Host is up (0.0010s latency).
MAC Address: 00:90:8F:1D:FF:F1 (Audio Codes)

Nmap scan report for audiocodes (10.0.0.110)
Host is up (0.00075s latency).
MAC Address: 00:90:8F:1D:FF:7F (Audio Codes)

--
Thelma
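
Added example, not part of the thread or written by any of its participants: a small Python parser for `nmap -sn` output that records, per host, whether the report line carried a resolved name and which MAC vendor prefix (OUI) it has, then groups the result by subnet. The sample input is constructed from the four host records quoted above; the function names and the /24 grouping are assumptions of this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: the four host records quoted in the thread, in one file.
SAMPLE = """\
Nmap scan report for iaxy (10.0.0.108)
Host is up (-0.095s latency).
MAC Address: 00:0F:D3:00:30:DD (Digium)
Nmap scan report for 10.10.0.3
Host is up (0.00017s latency).
MAC Address: 54:7F:54:76:61:0D (Ingenico)
Nmap scan report for 10.10.0.8
Host is up (0.0010s latency).
MAC Address: 00:90:8F:1D:FF:F1 (Audio Codes)
Nmap scan report for audiocodes (10.0.0.110)
Host is up (0.00075s latency).
MAC Address: 00:90:8F:1D:FF:7F (Audio Codes)
"""

REPORT = re.compile(r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip1>[\d.]+)\)|(?P<ip2>[\d.]+))$")
MAC = re.compile(r"^MAC Address: (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((?P<vendor>.*)\))?$")

def parse_ping_scan(text):
    """Return one dict per host: ip, name (None if nmap printed only the IP), mac, oui, vendor."""
    hosts = []
    for line in map(str.strip, text.splitlines()):
        if m := REPORT.match(line):
            hosts.append({"ip": m["ip1"] or m["ip2"], "name": m["name"],
                          "mac": None, "oui": None, "vendor": None})
        elif (m := MAC.match(line)) and hosts:
            mac = m["mac"].upper()
            # The first three octets are the vendor prefix (OUI) nmap maps to a name.
            hosts[-1].update(mac=mac, oui=mac[:8], vendor=m["vendor"])
    return hosts

def names_by_network(hosts, prefix=24):
    """Group hosts per subnet into those reported with a name and those without."""
    nets = defaultdict(lambda: {"named": [], "unnamed": []})
    for h in hosts:
        net = str(ip_network(f"{h['ip']}/{prefix}", strict=False))
        nets[net]["named" if h["name"] else "unnamed"].append(h["ip"])
    return dict(nets)

if __name__ == "__main__":
    hosts = parse_ping_scan(SAMPLE)
    for net, groups in sorted(names_by_network(hosts).items()):
        print(net, groups)
```

On the sample, every host in 10.0.0.0/24 has a name and none in 10.10.0.0/24 does, while both Audio Codes devices share the same OUI, so the vendor label and the host name clearly come from different sources.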