EzDevInfo.com

nmap interview questions

Top nmap frequently asked interview questions

How do I detect iPhone on network?

I am trying to detect if my iPhone is in the same network as my Raspberry Pi. I would like to execute a script when I am at home and my iPhone's presence is registered in my LAN.

It seems that when the phone is in standby not even the iphone-sync port (6207/tcp) is found. "/usr/bin/nmap -n -sT -p62078 [my phone's local IP]" shows no host. I wonder what else I could scan for. Obviously the phone is online and ready to accept facetime calls (data via 3G is deactivated). Could I accomplish something with avahi which I am using on my Raspberry Pi, or are there other ways.


Source: (StackOverflow)

Lua/NSE socket connection problem

I can telnet to a certain host and port no problem and issue commands. However when i try to script a socket connection (using nmap NSE and Lua) to the same host and port, it fails with the following error message:

|_sockettest: Trying to receive through a closed socket

the socket connect part of my code is here:

local msg
local response
msg = "hello\n"

local socket = nmap.new_socket()
socket:set_timeout(150000)
socket:send(msg)

response,data = socket:receive()
return data

I think the data is sending ok. The server should just echo back what i sent. Does anyone know what the problem could be?


Source: (StackOverflow)

Advertisements

How do I perform a massive amount of concurrent pings?

I'm needing to ping about 2500 servers at one time, in intervals of about 15-30 minutes. This is to show semi-real time server status information. This could potentially scale to tens of thousands of sites eventually, so I need to keep that in mind while thinking about this.

I'm using an Ubuntu 10.10 VPS (Bash) and using Ruby.

Is there any way to go about doing this?

Edit: I should also note that I only care if the server is online. So first packet received should suffice.


Source: (StackOverflow)

How to find out how many clients are on a certain address range?

I tried googling for this but i didnt find anything... I am building a port scanner and i would like to make it so, that i can scan a network range e.g 192.168.2.* and find out how many computers are on that range that are online. Alot like Nmap. I am programming in python. Is this possible in Python?


Source: (StackOverflow)

NMap wrapper for Java

Is there an NMap wrapper implementation for Java ? I searched for it but could not find one. I want to scan network and detect applications running based on some port's state. I guess this must be a pretty common problem.

If its not nmap, then can somebody suggest alternate tools to detect the same.

Thanking in advance.


Source: (StackOverflow)

Bash Script Block All Apple Devices

I am trying to create a shell script to block all apple devices on my network. I am using nmap for os detection. What I have so far is this:

while (true) do
    nmap -O -T4 -p 22,80 -v 172.20.0.0/24 | grep -B9 'OS details: Apple' | \
        grep 'Nmap scan report for' | cut -f4 -d'r' | cut -f2 -d' ' | \
        iptables -i wlan0 -A INPUT -j DROP -s
    sleep 10
done

Is there a way to simplify this at all so there is less grepping and cutting involved? Also, this script will run into errors if there are more than one or zero apple devices found on the network. Is it possible to add logic for that?


Source: (StackOverflow)

Output IP only from an nmap scan on open port

I'm wanting to find computers with ssh open on my subnet but it shows all host that are up in the results and not just the ones that have open ports this is my command

nmap -PN -p 22 --open -oG - 192.168.*.* | awk '{print $2}' > sshopen.txt

Thanks


Source: (StackOverflow)

Whats the difference between -sS and -PS in nmap?

I was learning how to use nmap and i have gone through many documentations and tutorials but no where iam getting perfect information about what is the use of -sS and -PS. In general what is the differences between all -s 's and -P 's? Both are for scanning right?

sudo nmap -sS 192.168.0.50
sudo nmap -PS 192.168.0.50

Whats the difference between both of them?

Thanks in advance.


Source: (StackOverflow)

is it possible to get the MAC address for machine using nmap

I have a list of remote machines in a text files. Can I know their MAC addresses using nmap ?


Source: (StackOverflow)

nmap warning: giving up on port because retransmission cap hit (2)

I am trying to scan a large set of domain names using nmap. I used the following command:

Nmap -PN -p443 -sS -T5 -oX out.xml -iL in.csv

I get the following warning:

Warning: xx.xx.xx.xx giving up on port because retransmission cap hit (2).

Why does this happen? How to resolve the issue ?


Source: (StackOverflow)

Should I use Nmap::Parser or Nmap::Scanner to audit a network?

I'd like to audit the equipment of my large network in the fastest way possible. Should i use Nmap::Parser or Nmap::Scanner?

I want to create a list of IP addresses that return a ping as well as a related OS footprint and identification.

Example:

ping 192.168.*.*

Then when I get a successful ping, store the IP address in a hash along with a guess of what the OS is


Source: (StackOverflow)

Reading information from nmap poodle vulnerability result. Bash script

I need to make a bash script that will give me a list of true or false depending on the address it scanned. Right now I have this simple script

#!/bin/bash
input="/root/file1"
input2="/root/file2"
paste -d, file{1,2}.txt | while IFS=, read x y; 
do   nmap -sV --version-light --script ssl-poodle -p $y $x
if something(detects its vulnerable)
echo "true">>file3.txt
else (not vulnerable)
echo "false">>fie3.txt
done

the information nmap returns when vulerable is

Nmap scan report for ip Host is up (0.044s latency). PORT STATE SERVICE VERSION port/tcp open ssl/http Microsoft IIS | ssl-poodle: | VULNERABLE: | SSL POODLE information leak | State: VULNERABLE

Is there a way to detect the word vulnerable, or what would be the best way to do it?


Source: (StackOverflow)

Search for a specific word when reading a --traceroute command in java code using bufferreader

I am trying to search the word "hop" from the traceroute output, but somehow its not displaying that line on console. Please let me know where I am going wrong.

Here is my code:

import java.io.*;

public class TestExec {
  public static void main(String[] args) {
    try {
      String[] cmdarray = { "nmap", "--traceroute", "nmap.org" };
      Process p = Runtime.getRuntime().exec(cmdarray);
      BufferedReader in = new BufferedReader(new InputStreamReader(
          p.getInputStream()));
      String line = null;
      while ((line = in.readLine()) != null) {
        if (line.contains("hop")) {
          System.out.println(line);
        }
      }
    } catch (IOException e) {
      e.printStackTrace();
    }
  }
}

Source: (StackOverflow)

How to find IP address range

When I use this command which IP addresed are scanned

# nmap -sP 192.168.0.120/25

CAn you please help me how to get the IP range when I have the addres and subnet. Because I am trying to understand this, but no result till now..Thanks in advance


Source: (StackOverflow)

Regexp on nmap services file

I need to filter with sed only the ports from /usr/share/nmap/nmap-services

tcpmux  1/tcp   0.001995        # TCP Port Service Multiplexer [rfc-1078]
compressnet     2/tcp   0.000013        # Management Utility
compressnet     3/tcp   0.001242        # Compression Process
unknown 4/tcp   0.000477
unknown 6/tcp   0.000502
echo    7/tcp   0.004855
unknown 8/tcp   0.000013
discard 9/tcp   0.003764        # sink null
unknown 10/tcp  0.000063
systat  11/tcp  0.000075        # Active Users

I've tryed something like (!?([0-9]+/tcp)) But it wont work: why?

Thank you


Source: (StackOverflow)