Nmap results


Post by smb on Sun Jan 03, 2010 6:16 pm

I was scanning a net at work and see a ton of IPs come up. The first 5 or so are the server and whatnot. Got that. However, the next 30 or so all have the same MAC address, different IPs. The way the net's wired is it goes through 26-port switches, 2 per floor, total of.... 7 switches (Catalyst 2950s). Any idea what's going on here? The switches feed all the rooms on each floor. Not sure if I'm seeing the different computers connected to the switches or what?


Re: Nmap results

Post by Defience on Tue Jan 05, 2010 8:28 pm

Try using Zenmap which is Nmap in a GUI. Here's an image of how it maps out routes:
http://nukeit.org/wp-content/uploads/2008/08/zenmap02.png


Re: Nmap results

Post by thetan on Tue Jan 05, 2010 11:11 pm

It's important to remember that switches route packet data typically at Layer 2 of the OSI model, commonly referred to as the Data Link Layer. This layer comes before and thus encapsulates the Network Layer (Layer 3, the IP layer). Meaning that switches could really care less about any given IP address coming in or going out from any given port, as their focus is on the MAC address (also known as Ethernet address or hardware address). Switches typically learn what hardware device is connected to what port just by monitoring the flow of data and mapping MAC addresses to specific ports, kind of like an ARP table but with physical ports instead of IPs.

Now knowing that switches learn and build these MAC address tables to route data efficiently, think about what would happen to those MAC tables if switches didn't blast their MAC address over everything they push out?

Here's a real world example. At my work we have 5 48-port gigabit switches (almost every port is used too) which total out to over 240 MAC addresses (switches have MAC addresses too), meaning that for every packet sent through every port that switch would have to search (typically a binary search, meaning it's a worst case O(log n) operation, which isn't bad ... yet) for that MAC address to find out what port to send it in. Now 240 doesn't sound like a big number, but remember it's a gigabit switch, meaning it has to search that MAC table thousands of times per port (assuming every host is always sending data) for 48 ports.

However, it's worth noting that you can have virtual interfaces to physical NICs, which is another case where you can have matching MACs to separate IPs. However, in this case 30 virtual interfaces may be a bit extreme (unless you're running a VPS service or something).

So yeah, best bet says it's the switch's MAC address written over to minimize MAC tables. Port scan for port 21 being open on all of those with the matching MAC and try to telnet into any one you find, I bet one will be a switch.

Or if you connect a terminal (usually via 9 pin serial port) or a computer with a terminal emulator to the switch and reboot it, it will usually print the MAC address during the boot process.
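To see exactly which addresses share a hardware address in a scan like the one in the first post, the Nmap output can be grouped by MAC. This is an added example, not code from anyone in the thread; it assumes Nmap's current normal-output lines (`Nmap scan report for ...` and `MAC Address: ...`), and the sample scan text and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -sn` normal output (all addresses are made up).
SAMPLE = """\
Nmap scan report for 10.0.0.1
Host is up (0.0011s latency).
MAC Address: 00:1A:2B:00:00:01 (Unknown)
Nmap scan report for fileserver.example (10.0.0.5)
Host is up (0.0009s latency).
MAC Address: 00:1A:2B:00:00:05 (Unknown)
Nmap scan report for 10.0.0.31
Host is up (0.0020s latency).
MAC Address: 00:1A:2B:AA:BB:CC (Unknown)
Nmap scan report for 10.0.0.32
Host is up (0.0021s latency).
MAC Address: 00:1a:2b:aa:bb:cc (Unknown)
Nmap scan report for 10.0.0.40
Host is up.
"""

# Matches both "for 10.0.0.1" and "for name (10.0.0.1)".
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
MAC = re.compile(r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b")

def ips_by_mac(text):
    """Map each MAC (upper-cased) to the list of IPs that reported it."""
    table = defaultdict(list)
    current_ip = None
    for line in text.splitlines():
        line = line.strip()
        m = REPORT.match(line)
        if m:
            current_ip = m.group(1)  # start of a new host block
            continue
        m = MAC.match(line)
        if m and current_ip:
            table[m.group(1).upper()].append(current_ip)
            current_ip = None  # a host block carries at most one MAC line
    return dict(table)

def shared_macs(text, threshold=2):
    """Return only the MACs that appear behind `threshold` or more IPs."""
    return {mac: ips for mac, ips in ips_by_mac(text).items() if len(ips) >= threshold}

if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE).items():
        print(f"{mac}: {len(ips)} IPs -> {', '.join(ips)}")
```

Hosts with no `MAC Address:` line (such as the scanning machine itself) are skipped rather than attributed to the previous host.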


