next step in mapping home network

Data that travels over the air and how to protect (or decipher) it

next step in mapping home network

Post by ghostheadx2 on Sun Apr 24, 2016 12:44 am
([msg=92199]see next step in mapping home network[/msg])

I am having problems using nmap to scan my home network. Specifically, I don't know how to read the result of this scan. I tried this from a tutorial:

Code: Select all
root@blackJesus:~# nmap -Ss -A 10.0.1.101
WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn .  If you are using it to specify your real source address, you can ignore this warning.

Starting Nmap 6.49BETA4 ("link to nmap's site") at 2016-04-23 03:47 BST
Could not figure out what device to send the packet out on with the source address you gave me!  If you are trying to sp00f your scan, this is normal, just give the -e eth0 or -e ppp0 or whatever.  Otherwise you can still use -e, but I find it kind of fishy.
QUITTING!


The following MAY have solved the problem:

Code: Select all
root@blackJesus:~# nmap -Pn -A 1.0.1.101

Starting Nmap 6.49BETA4 ("link to nmap's website") at 2016-04-23 04:01 BST
Nmap scan report for 1.0.1.101
Host is up (0.022s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp?
|_ftp-bounce: no banner
554/tcp  open  rtsp?
7070/tcp open  realserver?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: broadband router|general purpose|WAP
Running (JUST GUESSING): Scientific Atlanta embedded (98%), NetBSD 5.X|6.X|4.X (94%), Linux 2.6.X|2.4.X (93%), Linksys Linux 2.4.X (91%), Apple NetBSD (88%)
OS CPE: cpe:/h:scientificatlanta:webstar_dpc2100r2 cpe:/o:netbsd:netbsd:5.0 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linksys:linux_kernel:2.4 cpe:/o:netbsd:netbsd:6 cpe:/o:netbsd:netbsd:4.99.49 cpe:/o:apple:netbsd
Aggressive OS guesses: Scientific Atlanta WebSTAR DPC2100R2 cable modem (98%), NetBSD 5.0 (94%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (93%), Linux 2.4.18 (92%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), NetBSD 6.1.2 (89%), NetBSD 4.99.49 (x86) (89%), Apple AirPort Extreme WAP (version 7.7.3) (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

TRACEROUTE (using port 21/tcp)
HOP RTT      ADDRESS
1   24.69 ms 1.0.1.101

OS and Service detection performed. Please report any incorrect results at "link to nmap's site I cannot post again"
Nmap done: 1 IP address (1 host up) scanned in 197.78 seconds



So now I don't know how to read that result. I get that it can't determine if the port is open or closed. In fact it they are clearly all filtered because nmap could not find "at least one open and one closed port." My guess is the program is failing because of my router's wifi security. I'm trying to find open ports and I'm also trying to hack my home network.

I tried a while ago to hack my wifi and failed right? I want to be able to identify individual computers on the network. But if this won't work on the router, how will it work on something connected to the router? I am also having trouble reading my results. I found some web pages to explain the ports.

On youtube, there aren't a lot of tutorial that actually describe how port scanning works. Just ones that describe how to scan them, usually with nmap. I am concerned with learning the different scans and I found some web pages that do that but the authors weren't really good explainers. I'm also really tired and I'm having trouble focusing after a few hours and probably need some sleep.

I want to understand the different types of scans. I think I can learn the difference between tcp and udp ports. I think open ports are ports that input and output info, closed ports won't let info input into it or output out of it, and filtered means that nmap can't tell if its open or closed.

What I got I think was all filtered. Does that mean that my router has strong security and is hard to crack, and I need to make a different network? If I can't crack this one router, how can I crack the computers connected to the router, if that question makes any sense?

So, next I tried zenmap. This time I got more thorough results. They are:

Code: Select all
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-04-23 07:40 BST
NSE: Loaded 122 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 07:40
Completed NSE at 07:40, 0.00s elapsed
Initiating NSE at 07:40
Completed NSE at 07:40, 0.00s elapsed
Initiating ARP Ping Scan at 07:40
Scanning 255 hosts [1 port/host]
adjust_timeouts2: packet supposedly had rtt of -74525 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -61817 microseconds.  Ignoring time.
Completed ARP Ping Scan at 07:40, 5.64s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 07:40
Completed Parallel DNS resolution of 255 hosts. at 07:40, 0.07s elapsed
Nmap scan report for 10.0.1.0 [host down]
Nmap scan report for 10.0.1.2 [host down]
Nmap scan report for 10.0.1.4 [host down]
Nmap scan report for 10.0.1.5 [host down]
Nmap scan report for 10.0.1.6 [host down]
Nmap scan report for 10.0.1.7 [host down]
Nmap scan report for 10.0.1.8 [host down]
Nmap scan report for 10.0.1.9 [host down]
Nmap scan report for 10.0.1.10 [host down]
Nmap scan report for 10.0.1.11 [host down]
Nmap scan report for 10.0.1.12 [host down]
Nmap scan report for 10.0.1.13 [host down]
Nmap scan report for 10.0.1.14 [host down]
Nmap scan report for 10.0.1.15 [host down]
Nmap scan report for 10.0.1.16 [host down]
Nmap scan report for 10.0.1.17 [host down]
Nmap scan report for 10.0.1.18 [host down]
Nmap scan report for 10.0.1.19 [host down]
Nmap scan report for 10.0.1.20 [host down]
Nmap scan report for 10.0.1.21 [host down]
Nmap scan report for 10.0.1.22 [host down]
Nmap scan report for 10.0.1.23 [host down]
Nmap scan report for 10.0.1.24 [host down]
Nmap scan report for 10.0.1.25 [host down]
Nmap scan report for 10.0.1.26 [host down]
Nmap scan report for 10.0.1.27 [host down]
Nmap scan report for 10.0.1.28 [host down]
Nmap scan report for 10.0.1.29 [host down]
Nmap scan report for 10.0.1.30 [host down]
Nmap scan report for 10.0.1.31 [host down]
Nmap scan report for 10.0.1.32 [host down]
Nmap scan report for 10.0.1.33 [host down]
Nmap scan report for 10.0.1.34 [host down]
Nmap scan report for 10.0.1.35 [host down]
Nmap scan report for 10.0.1.36 [host down]
Nmap scan report for 10.0.1.37 [host down]
Nmap scan report for 10.0.1.38 [host down]
Nmap scan report for 10.0.1.39 [host down]
Nmap scan report for 10.0.1.40 [host down]
Nmap scan report for 10.0.1.41 [host down]
Nmap scan report for 10.0.1.42 [host down]
Nmap scan report for 10.0.1.43 [host down]
Nmap scan report for 10.0.1.44 [host down]
Nmap scan report for 10.0.1.45 [host down]
Nmap scan report for 10.0.1.46 [host down]
Nmap scan report for 10.0.1.47 [host down]
Nmap scan report for 10.0.1.48 [host down]
Nmap scan report for 10.0.1.49 [host down]
Nmap scan report for 10.0.1.50 [host down]
Nmap scan report for 10.0.1.51 [host down]
Nmap scan report for 10.0.1.52 [host down]
Nmap scan report for 10.0.1.53 [host down]
Nmap scan report for 10.0.1.54 [host down]
Nmap scan report for 10.0.1.55 [host down]
Nmap scan report for 10.0.1.56 [host down]
Nmap scan report for 10.0.1.57 [host down]
Nmap scan report for 10.0.1.58 [host down]
Nmap scan report for 10.0.1.59 [host down]
Nmap scan report for 10.0.1.60 [host down]
Nmap scan report for 10.0.1.61 [host down]
Nmap scan report for 10.0.1.62 [host down]
Nmap scan report for 10.0.1.63 [host down]
Nmap scan report for 10.0.1.64 [host down]
Nmap scan report for 10.0.1.65 [host down]
Nmap scan report for 10.0.1.66 [host down]
Nmap scan report for 10.0.1.67 [host down]
Nmap scan report for 10.0.1.68 [host down]
Nmap scan report for 10.0.1.69 [host down]
Nmap scan report for 10.0.1.70 [host down]
Nmap scan report for 10.0.1.71 [host down]
Nmap scan report for 10.0.1.72 [host down]
Nmap scan report for 10.0.1.73 [host down]
Nmap scan report for 10.0.1.74 [host down]
Nmap scan report for 10.0.1.75 [host down]
Nmap scan report for 10.0.1.76 [host down]
Nmap scan report for 10.0.1.77 [host down]
Nmap scan report for 10.0.1.78 [host down]
Nmap scan report for 10.0.1.79 [host down]
Nmap scan report for 10.0.1.80 [host down]
Nmap scan report for 10.0.1.81 [host down]
Nmap scan report for 10.0.1.82 [host down]
Nmap scan report for 10.0.1.83 [host down]
Nmap scan report for 10.0.1.84 [host down]
Nmap scan report for 10.0.1.85 [host down]
Nmap scan report for 10.0.1.86 [host down]
Nmap scan report for 10.0.1.87 [host down]
Nmap scan report for 10.0.1.88 [host down]
Nmap scan report for 10.0.1.89 [host down]
Nmap scan report for 10.0.1.90 [host down]
Nmap scan report for 10.0.1.91 [host down]
Nmap scan report for 10.0.1.92 [host down]
Nmap scan report for 10.0.1.93 [host down]
Nmap scan report for 10.0.1.94 [host down]
Nmap scan report for 10.0.1.95 [host down]
Nmap scan report for 10.0.1.96 [host down]
Nmap scan report for 10.0.1.97 [host down]
Nmap scan report for 10.0.1.98 [host down]
Nmap scan report for 10.0.1.99 [host down]
Nmap scan report for 10.0.1.100 [host down]
Nmap scan report for 10.0.1.102 [host down]
Nmap scan report for 10.0.1.103 [host down]
Nmap scan report for 10.0.1.104 [host down]
Nmap scan report for 10.0.1.105 [host down]
Nmap scan report for 10.0.1.106 [host down]
Nmap scan report for 10.0.1.110 [host down]
Nmap scan report for 10.0.1.111 [host down]
Nmap scan report for 10.0.1.112 [host down]
Nmap scan report for 10.0.1.113 [host down]
Nmap scan report for 10.0.1.115 [host down]
Nmap scan report for 10.0.1.116 [host down]
Nmap scan report for 10.0.1.117 [host down]
Nmap scan report for 10.0.1.118 [host down]
Nmap scan report for 10.0.1.119 [host down]
Nmap scan report for 10.0.1.120 [host down]
Nmap scan report for 10.0.1.121 [host down]
Nmap scan report for 10.0.1.122 [host down]
Nmap scan report for 10.0.1.123 [host down]
Nmap scan report for 10.0.1.124 [host down]
Nmap scan report for 10.0.1.125 [host down]
Nmap scan report for 10.0.1.126 [host down]
Nmap scan report for 10.0.1.127 [host down]
Nmap scan report for 10.0.1.128 [host down]
Nmap scan report for 10.0.1.129 [host down]
Nmap scan report for 10.0.1.130 [host down]
Nmap scan report for 10.0.1.131 [host down]
Nmap scan report for 10.0.1.132 [host down]
Nmap scan report for 10.0.1.133 [host down]
Nmap scan report for 10.0.1.134 [host down]
Nmap scan report for 10.0.1.135 [host down]
Nmap scan report for 10.0.1.136 [host down]
Nmap scan report for 10.0.1.137 [host down]
Nmap scan report for 10.0.1.138 [host down]
Nmap scan report for 10.0.1.139 [host down]
Nmap scan report for 10.0.1.140 [host down]
Nmap scan report for 10.0.1.141 [host down]
Nmap scan report for 10.0.1.142 [host down]
Nmap scan report for 10.0.1.143 [host down]
Nmap scan report for 10.0.1.144 [host down]
Nmap scan report for 10.0.1.145 [host down]
Nmap scan report for 10.0.1.146 [host down]
Nmap scan report for 10.0.1.147 [host down]
Nmap scan report for 10.0.1.148 [host down]
Nmap scan report for 10.0.1.149 [host down]
Nmap scan report for 10.0.1.150 [host down]
Nmap scan report for 10.0.1.151 [host down]
Nmap scan report for 10.0.1.152 [host down]
Nmap scan report for 10.0.1.153 [host down]
Nmap scan report for 10.0.1.154 [host down]
Nmap scan report for 10.0.1.155 [host down]
Nmap scan report for 10.0.1.156 [host down]
Nmap scan report for 10.0.1.157 [host down]
Nmap scan report for 10.0.1.158 [host down]
Nmap scan report for 10.0.1.159 [host down]
Nmap scan report for 10.0.1.160 [host down]
Nmap scan report for 10.0.1.161 [host down]
Nmap scan report for 10.0.1.162 [host down]
Nmap scan report for 10.0.1.163 [host down]
Nmap scan report for 10.0.1.164 [host down]
Nmap scan report for 10.0.1.165 [host down]
Nmap scan report for 10.0.1.166 [host down]
Nmap scan report for 10.0.1.167 [host down]
Nmap scan report for 10.0.1.168 [host down]
Nmap scan report for 10.0.1.169 [host down]
Nmap scan report for 10.0.1.170 [host down]
Nmap scan report for 10.0.1.171 [host down]
Nmap scan report for 10.0.1.172 [host down]
Nmap scan report for 10.0.1.173 [host down]
Nmap scan report for 10.0.1.174 [host down]
Nmap scan report for 10.0.1.175 [host down]
Nmap scan report for 10.0.1.176 [host down]
Nmap scan report for 10.0.1.177 [host down]
Nmap scan report for 10.0.1.178 [host down]
Nmap scan report for 10.0.1.180 [host down]
Nmap scan report for 10.0.1.181 [host down]
Nmap scan report for 10.0.1.182 [host down]
Nmap scan report for 10.0.1.183 [host down]
Nmap scan report for 10.0.1.184 [host down]
Nmap scan report for 10.0.1.185 [host down]
Nmap scan report for 10.0.1.186 [host down]
Nmap scan report for 10.0.1.189 [host down]
Nmap scan report for 10.0.1.190 [host down]
Nmap scan report for 10.0.1.192 [host down]
Nmap scan report for 10.0.1.193 [host down]
Nmap scan report for 10.0.1.194 [host down]
Nmap scan report for 10.0.1.195 [host down]
Nmap scan report for 10.0.1.196 [host down]
Nmap scan report for 10.0.1.197 [host down]
Nmap scan report for 10.0.1.198 [host down]
Nmap scan report for 10.0.1.199 [host down]
Nmap scan report for 10.0.1.200 [host down]
Nmap scan report for 10.0.1.201 [host down]
Nmap scan report for 10.0.1.202 [host down]
Nmap scan report for 10.0.1.203 [host down]
Nmap scan report for 10.0.1.204 [host down]
Nmap scan report for 10.0.1.205 [host down]
Nmap scan report for 10.0.1.206 [host down]
Nmap scan report for 10.0.1.207 [host down]
Nmap scan report for 10.0.1.208 [host down]
Nmap scan report for 10.0.1.209 [host down]
Nmap scan report for 10.0.1.210 [host down]
Nmap scan report for 10.0.1.211 [host down]
Nmap scan report for 10.0.1.212 [host down]
Nmap scan report for 10.0.1.213 [host down]
Nmap scan report for 10.0.1.214 [host down]
Nmap scan report for 10.0.1.215 [host down]
Nmap scan report for 10.0.1.216 [host down]
Nmap scan report for 10.0.1.217 [host down]
Nmap scan report for 10.0.1.218 [host down]
Nmap scan report for 10.0.1.219 [host down]
Nmap scan report for 10.0.1.220 [host down]
Nmap scan report for 10.0.1.221 [host down]
Nmap scan report for 10.0.1.222 [host down]
Nmap scan report for 10.0.1.223 [host down]
Nmap scan report for 10.0.1.224 [host down]
Nmap scan report for 10.0.1.225 [host down]
Nmap scan report for 10.0.1.226 [host down]
Nmap scan report for 10.0.1.227 [host down]
Nmap scan report for 10.0.1.228 [host down]
Nmap scan report for 10.0.1.229 [host down]
Nmap scan report for 10.0.1.230 [host down]
Nmap scan report for 10.0.1.231 [host down]
Nmap scan report for 10.0.1.232 [host down]
Nmap scan report for 10.0.1.233 [host down]
Nmap scan report for 10.0.1.234 [host down]
Nmap scan report for 10.0.1.235 [host down]
Nmap scan report for 10.0.1.236 [host down]
Nmap scan report for 10.0.1.237 [host down]
Nmap scan report for 10.0.1.238 [host down]
Nmap scan report for 10.0.1.239 [host down]
Nmap scan report for 10.0.1.240 [host down]
Nmap scan report for 10.0.1.241 [host down]
Nmap scan report for 10.0.1.242 [host down]
Nmap scan report for 10.0.1.243 [host down]
Nmap scan report for 10.0.1.244 [host down]
Nmap scan report for 10.0.1.245 [host down]
Nmap scan report for 10.0.1.246 [host down]
Nmap scan report for 10.0.1.247 [host down]
Nmap scan report for 10.0.1.248 [host down]
Nmap scan report for 10.0.1.249 [host down]
Nmap scan report for 10.0.1.250 [host down]
Nmap scan report for 10.0.1.251 [host down]
Nmap scan report for 10.0.1.252 [host down]
Nmap scan report for 10.0.1.253 [host down]
Nmap scan report for 10.0.1.254 [host down]
Nmap scan report for 10.0.1.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 07:40
Completed Parallel DNS resolution of 1 host. at 07:40, 0.01s elapsed
Initiating SYN Stealth Scan at 07:40
Scanning 10 hosts [1000 ports/host]
Discovered open port 554/tcp on 10.0.1.188
Discovered open port 53/tcp on 10.0.1.1
Discovered open port 443/tcp on 10.0.1.109
Discovered open port 443/tcp on 10.0.1.101
Discovered open port 21/tcp on 10.0.1.101
Discovered open port 80/tcp on 10.0.1.3
Discovered open port 21/tcp on 10.0.1.109
Discovered open port 80/tcp on 10.0.1.101
Discovered open port 80/tcp on 10.0.1.109
Discovered open port 23/tcp on 10.0.1.3
Discovered open port 23/tcp on 10.0.1.101
Discovered open port 23/tcp on 10.0.1.109
Discovered open port 445/tcp on 10.0.1.188
Discovered open port 139/tcp on 10.0.1.188
Discovered open port 135/tcp on 10.0.1.188
SYN Stealth Scan Timing: About 4.72% done; ETC: 07:51 (0:10:26 remaining)
Increasing send delay for 10.0.1.114 from 0 to 5 due to 12 out of 29 dropped probes since last increase.
Increasing send delay for 10.0.1.109 from 0 to 5 due to 61 out of 151 dropped probes since last increase.
Discovered open port 912/tcp on 10.0.1.191
SYN Stealth Scan Timing: About 9.47% done; ETC: 07:51 (0:09:43 remaining)
Increasing send delay for 10.0.1.114 from 5 to 10 due to 11 out of 26 dropped probes since last increase.
SYN Stealth Scan Timing: About 11.06% done; ETC: 07:54 (0:12:12 remaining)
SYN Stealth Scan Timing: About 13.76% done; ETC: 07:55 (0:12:57 remaining)
Increasing send delay for 10.0.1.101 from 0 to 5 due to max_successful_tryno increase to 5
Increasing send delay for 10.0.1.101 from 5 to 10 due to max_successful_tryno increase to 6
Warning: 10.0.1.101 giving up on port because retransmission cap hit (6).
Discovered open port 515/tcp on 10.0.1.109
Increasing send delay for 10.0.1.1 from 0 to 5 due to 110 out of 274 dropped probes since last increase.
Discovered open port 10000/tcp on 10.0.1.1
Discovered open port 515/tcp on 10.0.1.101
Increasing send delay for 10.0.1.1 from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for 10.0.1.179 from 0 to 5 due to max_successful_tryno increase to 5
SYN Stealth Scan Timing: About 25.98% done; ETC: 07:56 (0:12:10 remaining)
Increasing send delay for 10.0.1.179 from 5 to 10 due to 11 out of 24 dropped probes since last increase.
Discovered open port 62078/tcp on 10.0.1.187
SYN Stealth Scan Timing: About 30.71% done; ETC: 07:55 (0:10:45 remaining)
Discovered open port 2869/tcp on 10.0.1.188
Increasing send delay for 10.0.1.3 from 0 to 5 due to max_successful_tryno increase to 5
SYN Stealth Scan Timing: About 40.32% done; ETC: 07:56 (0:09:52 remaining)
Increasing send delay for 10.0.1.3 from 5 to 10 due to 51 out of 127 dropped probes since last increase.
Discovered open port 5009/tcp on 10.0.1.1
SYN Stealth Scan Timing: About 47.22% done; ETC: 07:57 (0:08:58 remaining)
Discovered open port 631/tcp on 10.0.1.109
Discovered open port 631/tcp on 10.0.1.101
SYN Stealth Scan Timing: About 51.83% done; ETC: 07:57 (0:08:03 remaining)
SYN Stealth Scan Timing: About 57.39% done; ETC: 07:57 (0:07:13 remaining)
Warning: 10.0.1.179 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.0.1.187 from 0 to 5 due to max_successful_tryno increase to 5
Warning: 10.0.1.1 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.0.1.187 from 5 to 10 due to max_successful_tryno increase to 6
SYN Stealth Scan Timing: About 62.91% done; ETC: 07:57 (0:06:19 remaining)
SYN Stealth Scan Timing: About 69.02% done; ETC: 07:57 (0:05:25 remaining)
Discovered open port 1024/tcp on 10.0.1.3
SYN Stealth Scan Timing: About 74.09% done; ETC: 07:57 (0:04:27 remaining)
Discovered open port 49155/tcp on 10.0.1.188
Completed SYN Stealth Scan against 10.0.1.179 in 865.76s (9 hosts left)
Increasing send delay for 10.0.1.109 from 5 to 10 due to max_successful_tryno increase to 5
Discovered open port 902/tcp on 10.0.1.191
SYN Stealth Scan Timing: About 81.21% done; ETC: 07:59 (0:03:32 remaining)
Discovered open port 10243/tcp on 10.0.1.188
SYN Stealth Scan Timing: About 86.51% done; ETC: 07:59 (0:02:35 remaining)
Completed SYN Stealth Scan against 10.0.1.107 in 994.08s (8 hosts left)
Completed SYN Stealth Scan against 10.0.1.187 in 995.08s (7 hosts left)
Completed SYN Stealth Scan against 10.0.1.1 in 1004.69s (6 hosts left)
Completed SYN Stealth Scan against 10.0.1.3 in 1010.49s (5 hosts left)
Discovered open port 5357/tcp on 10.0.1.188
Discovered open port 9100/tcp on 10.0.1.109
Completed SYN Stealth Scan against 10.0.1.109 in 1020.76s (4 hosts left)
Discovered open port 9100/tcp on 10.0.1.101
Completed SYN Stealth Scan against 10.0.1.101 in 1029.76s (3 hosts left)
Completed SYN Stealth Scan against 10.0.1.188 in 1034.24s (2 hosts left)
SYN Stealth Scan Timing: About 91.96% done; ETC: 07:59 (0:01:31 remaining)
Completed SYN Stealth Scan against 10.0.1.191 in 1036.19s (1 host left)
Warning: 10.0.1.114 giving up on port because retransmission cap hit (6).
Discovered open port 62078/tcp on 10.0.1.114
SYN Stealth Scan Timing: About 95.55% done; ETC: 08:00 (0:00:53 remaining)
SYN Stealth Scan Timing: About 97.42% done; ETC: 08:00 (0:00:31 remaining)
Completed SYN Stealth Scan at 08:05, 1482.65s elapsed (10000 total ports)
Initiating Service scan at 08:05
Scanning 30 services on 10 hosts
Completed Service scan at 08:07, 140.49s elapsed (32 services on 10 hosts)
Initiating OS detection (try #1) against 10 hosts
Retrying OS detection (try #2) against 3 hosts
NSE: Script scanning 10 hosts.
Initiating NSE at 08:07
Completed NSE at 08:08, 70.24s elapsed
Initiating NSE at 08:08
Completed NSE at 08:08, 0.07s elapsed
Nmap scan report for 10.0.1.1
Host is up (0.022s latency).
Not shown: 996 closed ports
PORT      STATE    SERVICE           VERSION
1/tcp     filtered tcpmux
53/tcp    open     domain?
5009/tcp  open     airport-admin     Apple AirPort or Time Capsule admin
10000/tcp open     snet-sensor-mgmt?
| ndmp-version:
|_  ERROR: Failed to get host information from server
MAC Address: 34:12:98:02:53:EB (Apple)
Device type: general purpose
Running: NetBSD 5.X
OS CPE: cpe:/o:netbsd:netbsd:5
OS details: NetBSD 5.0 - 5.99.5
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=217 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT      ADDRESS
1   21.70 ms 10.0.1.1

Nmap scan report for 10.0.1.3
Host is up (0.0045s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE VERSION
23/tcp   open     telnet?
80/tcp   open     http
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
|_http-title: NETGEAR WN3000RP
1024/tcp open     kdm?
8400/tcp filtered cvd
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=6.49BETA4%I=7%D=4/23%Time=571B1EA6%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,C91,"HTTP/1\.0\x20200\x20OK\r\nContent-length:\x203110\r\nC
SF:ontent-type:\x20text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\
SF:r\n\r\n<html><head>\r\n<META\x20name=\"description\"\x20content=\"WN300
SF:0RP\">\n<META\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x2
SF:0charset=utf-8\">\n<META\x20http-equiv=\"Content-Style-Type\"\x20conten
SF:t=\"text/css\">\n<META\x20http-equiv=\"Pragma\"\x20content=\"no-cache\"
SF:>\n<META\x20HTTP-equiv=\"Cache-Control\"\x20content=\"no-cache\">\n<MET
SF:A\x20HTTP-EQUIV=\"Expires\"\x20CONTENT=\"Mon,\x2006\x20Jan\x201990\x200
SF:0:00:01\x20GMT\">\n\r\n<title>NETGEAR\x20WN3000RP</title>\r\n<script\x2
SF:0type=\"text/javascript\"\x20src=\"changeUrl\.js\"></script>\r\n<script
SF:\x20language=\"javascript\"\x20type=\"text/javascript\">\r\nfunction\x2
SF:0loadnext\(\)\x20{\r\n\x20\x20\x20\x20var\x20showit=\(document\.layers\
SF:)\?\"show\":\"block\";\r\n\x20\x20\x20\x20var\x20hideit=\(document\.lay
SF:ers\)\?\"hide\":\"none\";\r\n\x20\x20\x20\x20var\x20el\x20=\x20\"alltex
SF:t\";\r\n\x20\x20\x20\x20var\x20device_id=\"WN3000RP\";\r\n\x20\x20\x20\
SF:x20var\x20lan_ip\x20=\x20\"10\.0\.1\.3\";\r\n\x20\x20\x20\x20var\x20wan
SF:_ip\x20=\x20\"10\.0\.1\.3\";\r\n\x20\x20\x20\x20var\x20url\x20=\x20\"\"
SF:;\r\n\x20\x20\x20\x20var\x20topPage\x20=\x20top;\r\n\x20\x20\x20\x20\r\
SF:n\x20\x20\x20")%r(HTTPOptions,12E,"HTTP/1\.0\x20400\x20Bad\x20Request\r
SF:\nContent-type:\x20text/html\r\n\r\n<html>\r\n<head>\r\n<meta\x20http-e
SF:quiv='Content-Type'\x20content='text/html;\x20charset=utf-8'>\r\n<title
SF:>400\x20Bad\x20Request</title></head>\r\n<body><h1>400\x20Bad\x20Reques
SF:t</h1>\r\n<p>This\x20server\x20does\x20not\x20support\x20the\x20operati
SF:on\x20requested\x20by\x20your\x20client\.</p></body>\r\n</html>\r\n")%r
SF:(RTSPRequest,12E,"HTTP/1\.0\x20400\x20Bad\x20Request\r\nContent-type:\x
SF:20text/html\r\n\r\n<html>\r\n<head>\r\n<meta\x20http-equiv='Content-Typ
SF:e'\x20content='text/html;\x20charset=utf-8'>\r\n<title>400\x20Bad\x20Re
SF:quest</title></head>\r\n<body><h1>400\x20Bad\x20Request</h1>\r\n<p>This
SF:\x20server\x20does\x20not\x20support\x20the\x20operation\x20requested\x
SF:20by\x20your\x20client\.</p></body>\r\n</html>\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port1024-TCP:V=6.49BETA4%I=7%D=4/23%Time=571B1EA6%P=x86_64-pc-linux-gnu
SF:%r(GenericLines,1E5,"HTTP/1\.0\x20401\x20Unauthorized\r\nWWW-Authentica
SF:te:\x20Basic\x20realm=\"NETGEAR\x20WN3000RP\"\r\nContent-type:\x20text/
SF:html\r\n\r\n<html>\r\n<head>\r\n<meta\x20http-equiv='Content-Type'\x20c
SF:ontent='text/html;\x20charset=utf-8'>\r\n<title>401\x20Unauthorized</ti
SF:tle></head>\r\n<body\x20onload=\"document\.aForm\.submit\(\)\"><h1>401\
SF:x20Unauthorized</h1>\r\n<p>Access\x20to\x20this\x20resource\x20is\x20de
SF:nied,\x20your\x20client\x20has\x20not\x20supplied\x20the\x20correct\x20
SF:authentication\.</p><form\x20method=\"post\"\x20action=\"unauth\.cgi\?i
SF:d=1046175824\"\x20name=\"aForm\"></form></body>\r\n</html>\r\n")%r(GetR
SF:equest,C91,"HTTP/1\.0\x20200\x20OK\r\nContent-length:\x203110\r\nConten
SF:t-type:\x20text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\n\r
SF:\n<html><head>\r\n<META\x20name=\"description\"\x20content=\"WN3000RP\"
SF:>\n<META\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20char
SF:set=utf-8\">\n<META\x20http-equiv=\"Content-Style-Type\"\x20content=\"t
SF:ext/css\">\n<META\x20http-equiv=\"Pragma\"\x20content=\"no-cache\">\n<M
SF:ETA\x20HTTP-equiv=\"Cache-Control\"\x20content=\"no-cache\">\n<META\x20
SF:HTTP-EQUIV=\"Expires\"\x20CONTENT=\"Mon,\x2006\x20Jan\x201990\x2000:00:
SF:01\x20GMT\">\n\r\n<title>NETGEAR\x20WN3000RP</title>\r\n<script\x20type
SF:=\"text/javascript\"\x20src=\"changeUrl\.js\"></script>\r\n<script\x20l
SF:anguage=\"javascript\"\x20type=\"text/javascript\">\r\nfunction\x20load
SF:next\(\)\x20{\r\n\x20\x20\x20\x20var\x20showit=\(document\.layers\)\?\"
SF:show\":\"block\";\r\n\x20\x20\x20\x20var\x20hideit=\(document\.layers\)
SF:\?\"hide\":\"none\";\r\n\x20\x20\x20\x20var\x20el\x20=\x20\"alltext\";\
SF:r\n\x20\x20\x20\x20var\x20device_id=\"WN3000RP\";\r\n\x20\x20\x20\x20va
SF:r\x20lan_ip\x20=\x20\"10\.0\.1\.3\";\r\n\x20\x20\x20\x20var\x20wan_ip\x
SF:20=\x20\"10\.0\.1\.3\";\r\n\x20\x20\x20\x20var\x20url\x20=\x20\"\";\r\n
SF:\x20\x20\x20\x20var\x20topPage\x20=\x20top;\r\n\x20\x20\x20\x20\r\n\x20
SF:\x20\x20")%r(HTTPOptions,12E,"HTTP/1\.0\x20400\x20Bad\x20Request\r\nCon
SF:tent-type:\x20text/html\r\n\r\n<html>\r\n<head>\r\n<meta\x20http-equiv=
SF:'Content-Type'\x20content='text/html;\x20charset=utf-8'>\r\n<title>400\
SF:x20Bad\x20Request</title></head>\r\n<body><h1>400\x20Bad\x20Request</h1
SF:>\r\n<p>This\x20server\x20does\x20not\x20support\x20the\x20operation\x2
SF:0requested\x20by\x20your\x20client\.</p></body>\r\n</html>\r\n");
MAC Address: 28:C6:8E:84:A1:FC (Netgear,)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux:linux_kernel:2.4
OS details: Linux 2.4.18 - 2.4.35 (likely embedded)
Uptime guess: 11.400 days (since Mon Apr 11 22:32:38 2016)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   4.51 ms 10.0.1.3

Nmap scan report for 10.0.1.101
Host is up (0.0094s latency).
Not shown: 966 closed ports, 27 filtered ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        Brother/HP printer ftpd 1.13
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
23/tcp   open  telnet     Brother/HP printer telnetd
80/tcp   open  http       Debut embedded httpd 1.20 (Brother/HP printer http admin)
|_http-methods: No Allow or Public header in OPTIONS response (status code 411)
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: debut/1.20
| http-title: Brother HL-L2380DW series
|_Requested resource was /general/status.html
443/tcp  open  ssl/http   Debut embedded httpd 1.20 (Brother/HP printer http admin)
| http-cisco-anyconnect:
|_  ERROR: Not a Cisco ASA or unsupported version
| http-robots.txt: 1 disallowed entry
|_/
| http-title: Brother HL-L2380DW series
|_Requested resource was /general/status.html
| ssl-cert: Subject: commonName=Preset Certificate
| Issuer: commonName=Preset Certificate
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2014-02-06T06:38:58
| Not valid after:  2014-03-08T06:38:58
| MD5:   3d24 c5e0 376d f84f 08f1 447d cfdb d395
|_SHA-1: 48e9 a0a7 653f 2700 b0be cc42 5a8e fec6 4793 a9fa
515/tcp  open  printer
631/tcp  open  http       Debut embedded httpd 1.20 (Brother/HP printer http admin)
| http-methods: GET HEAD POST TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: debut/1.20
| http-title: Brother HL-L2380DW series
|_Requested resource was /general/status.html
9100/tcp open  jetdirect?
MAC Address: C0:38:96:66:50:C7 (Hon Hai Precision Ind. Co.)
Device type: printer|general purpose
Running: HP embedded, Wind River VxWorks
OS CPE: cpe:/h:hp:laserjet_cm1415fnw cpe:/h:hp:laserjet_cp1525nw cpe:/h:hp:laserjet_1536dnf cpe:/h:brother:dcp_j4110dw cpe:/h:brother:hl_3170cdw cpe:/o:windriver:vxworks
OS details: HP LaserJet CM1415fnw, CP1525nw, M475dn, or 1536dnf or Brother DCP-J4110DW or HL-3170CDW printer, VxWorks
Uptime guess: 11.403 days (since Mon Apr 11 22:29:10 2016)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class
Service Info: Device: printer

TRACEROUTE
HOP RTT     ADDRESS
1   9.38 ms 10.0.1.101

Nmap scan report for 10.0.1.107
Host is up (0.20s latency).
All 1000 scanned ports on 10.0.1.107 are filtered
MAC Address: CC:6D:A0:E2:A5:C5 (Roku)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE
HOP RTT       ADDRESS
1   198.31 ms 10.0.1.107

Nmap scan report for 10.0.1.109
Host is up (0.0065s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        Brother/HP printer ftpd 1.13
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
23/tcp   open  telnet     Brother/HP printer telnetd
80/tcp   open  http       Debut embedded httpd 1.20 (Brother/HP printer http admin)
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: debut/1.20
| http-title: Brother HL-L8350CDW series
|_Requested resource was /general/status.html
443/tcp  open  ssl/http   Debut embedded httpd 1.20 (Brother/HP printer http admin)
| http-cisco-anyconnect:
|_  ERROR: Not a Cisco ASA or unsupported version
|_http-server-header: debut/1.20
| ssl-cert: Subject: commonName=Preset Certificate
| Issuer: commonName=Preset Certificate
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2000-01-01T00:00:00
| Not valid after:  2049-12-30T23:59:59
| MD5:   0012 4fc0 c0f5 f13a 8e48 e541 dcbe d76a
|_SHA-1: fbba 7f11 4078 edb6 2d6f c650 bc29 1abe 71c4 ce04
515/tcp  open  printer
631/tcp  open  http       Debut embedded httpd 1.20 (Brother/HP printer http admin)
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: debut/1.20
| http-title: Brother HL-L8350CDW series
|_Requested resource was /general/status.html
9100/tcp open  jetdirect?
MAC Address: 00:80:92:C0:F3:28 (Silex Technology)
Device type: VoIP adapter|printer|general purpose
Running: AudioCodes embedded, HP embedded, HP VxWorks, Vocality embedded, Wind River VxWorks
OS CPE: cpe:/h:hp:laserjet_cm1415fnw cpe:/h:hp:laserjet_cp1525nw cpe:/h:hp:laserjet_1536dnf cpe:/h:brother:dcp_j4110dw cpe:/h:brother:hl_3170cdw cpe:/o:hp:vxworks cpe:/o:windriver:vxworks
OS details: Audiocodes MP-114 or MP-118 VoIP adapter, HP LaserJet CM1415fnw, CP1525nw, M475dn, or 1536dnf or Brother DCP-J4110DW or HL-3170CDW printer, VxWorks: HP printer or Vocality BASICS Four Wire VoIP gateway, VxWorks
Network Distance: 1 hop
Service Info: Device: printer

TRACEROUTE
HOP RTT     ADDRESS
1   6.49 ms 10.0.1.109

Nmap scan report for 10.0.1.114
Host is up (0.011s latency).
Not shown: 656 filtered ports, 343 closed ports
PORT      STATE SERVICE    VERSION
62078/tcp open  tcpwrapped
MAC Address: 80:D6:05:3E:E3:DC (Unknown)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
No OS matches for host
Network Distance: 1 hop

TRACEROUTE
HOP RTT      ADDRESS
1   11.05 ms 10.0.1.114

Nmap scan report for 10.0.1.179
Host is up (0.041s latency).
All 1000 scanned ports on 10.0.1.179 are closed
MAC Address: D8:30:62:52:06:4B (Apple)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE
HOP RTT      ADDRESS
1   40.51 ms 10.0.1.179

Nmap scan report for 10.0.1.187
Host is up (0.10s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE    VERSION
62078/tcp open  tcpwrapped
MAC Address: C0:CC:F8:5E:EA:FC (Unknown)
Device type: general purpose|media device|phone
Running: Apple Mac OS X 10.7.X|10.9.X|10.8.X, Apple iOS 4.X|5.X|6.X
OS CPE: cpe:/o:apple:mac_os_x:10.7 cpe:/o:apple:mac_os_x:10.9 cpe:/o:apple:mac_os_x:10.8 cpe:/o:apple:iphone_os:4 cpe:/a:apple:apple_tv:4 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:6
OS details: Apple Mac OS X 10.7.0 (Lion) - 10.10 (Yosemite) or iOS 4.1 - 8.1.2 (Darwin 10.0.0 - 14.0.0)
Uptime guess: 4.257 days (since Tue Apr 19 01:59:18 2016)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Randomized

TRACEROUTE
HOP RTT       ADDRESS
1   102.74 ms 10.0.1.187

Nmap scan report for 10.0.1.188
Host is up (0.013s latency).
Not shown: 992 filtered ports
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows 98 netbios-ssn
445/tcp   open  microsoft-ds (primary domain: WORKGROUP)
554/tcp   open  rtsp?
2869/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 503)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
10243/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49155/tcp open  msrpc        Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port445-TCP:V=6.49BETA4%I=7%D=4/23%Time=571B1EAE%P=x86_64-pc-linux-gnu%
SF:r(SMBProgNeg,7B,"\0\0\0w\xffSMBr\0\0\0\0\x88\x01@\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0@\x06\0\0\x01\0\x11\x07\0\x03\n\0\x01\0\x04\x11\0\0\0\0\x01\0\0\0
SF:\0\0\xfc\xe3\x01\0\xb5,K\xe0\xe6\x9d\xd1\x01\xa4\x01\x082\0\xe4C\?\xa0\
SF:xe5\xf5xqW\0O\0R\0K\0G\0R\0O\0U\0P\0\0\0H\0O\0M\0E\0O\0F\0F\0I\0C\0E\0\
SF:0\0");
MAC Address: 10:08:B1:5E:0E:98 (Hon Hai Precision Ind. Co.)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linksys Linux 2.4.X, Linux 2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linksys:linux_kernel:2.4 cpe:/o:linux:linux_kernel:2.6 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
Network Distance: 1 hop
Service Info: Host: HOMEOFFICE; OSs: Windows, Windows 98; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_98

Host script results:
| nbstat: NetBIOS name: HOMEOFFICE, NetBIOS user: <unknown>, NetBIOS MAC: 10:08:b1:5e:0e:98 (Hon Hai Precision Ind. Co.)
| Names:
|   HOMEOFFICE<20>       Flags: <unique><active>
|   HOMEOFFICE<00>       Flags: <unique><active>
|   WORKGROUP<00>        Flags: <group><active>
|   WORKGROUP<1e>        Flags: <group><active>
|   WORKGROUP<1d>        Flags: <unique><active>
|_  \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
| smb-os-discovery:
|   OS: Windows 8.1 9600 (Windows 8.1 6.3)
|   OS CPE: cpe:/o:microsoft:windows_8.1::-
|   NetBIOS computer name: HOMEOFFICE
|   Workgroup: WORKGROUP
|_  System time: 2016-04-23T22:07:39-07:00
| smb-security-mode:
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

TRACEROUTE
HOP RTT      ADDRESS
1   12.78 ms 10.0.1.188

Nmap scan report for 10.0.1.191
Host is up (0.0076s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE         VERSION
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open  vmware-auth     VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
MAC Address: E4:F8:9C:03:FF:48 (Intel Corporate)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linksys Linux 2.4.X, Linux 2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linksys:linux_kernel:2.4 cpe:/o:linux:linux_kernel:2.6 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   7.57 ms 10.0.1.191

Initiating SYN Stealth Scan at 08:08
Scanning 10.0.1.108 [1000 ports]
Completed SYN Stealth Scan at 08:08, 1.57s elapsed (1000 total ports)
Initiating Service scan at 08:08
Initiating OS detection (try #1) against 10.0.1.108
adjust_timeouts2: packet supposedly had rtt of -103765 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -103765 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -103719 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -103719 microseconds.  Ignoring time.
Retrying OS detection (try #2) against 10.0.1.108
WARNING: OS didn't match until try #2
NSE: Script scanning 10.0.1.108.
Initiating NSE at 08:08
Completed NSE at 08:08, 0.01s elapsed
Initiating NSE at 08:08
Completed NSE at 08:08, 0.00s elapsed
Nmap scan report for 10.0.1.108
Host is up (0.000039s latency).
All 1000 scanned ports on 10.0.1.108 are closed
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.4.X|2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.4.20, Linux 2.6.14 - 2.6.34, Linux 2.6.17 (Mandriva), Linux 2.6.23, Linux 2.6.24
Network Distance: 0 hops

NSE: Script Post-scanning.
Initiating NSE at 08:08
Completed NSE at 08:08, 0.00s elapsed
Initiating NSE at 08:08
Completed NSE at 08:08, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (11 hosts up) scanned in 1717.31 seconds
           Raw packets sent: 27660 (1.240MB) | Rcvd: 13415 (554.567KB)


I noticed I got more info about each machine. I'm assuming the next steps are learning to understand the info so that I can use it for something. I really want to create a map of my home network and each of the devices on it. I know there's a separate feature for that in zenmap but that flowchart doesn't give full detail, just IP I think. I'm trying to map out my entire network in full detail. After that I want to try and crack into either the router or one of the hosts. What would be a good next step from here? I just ran an intense scan, which is the result I just showed you.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: next step in mapping home network

Post by Jbraithwaite on Mon Apr 25, 2016 1:40 am
([msg=92201]see Re: next step in mapping home network[/msg])

Everyones home router is going to throw up various different results. It's about crafting the packets in nmap to get what you want if you know what's there. There's different types of scans to do certain things in nmap. Also different speeds in which to do stuff.

For instance you used `nmap -sS -A`Probably the most aggressive scan you could perform and would likely have alerted an IDS to being port scanned. Investigate the different types of scans and review the results.

My advice is to get yourself a virtual machine called Metasploitable2 It's a vulnerable Linux server OS and perform your scans on that host. You'll get so many good results to play with.
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: next step in mapping home network

Post by ghostheadx2 on Tue Apr 26, 2016 2:44 am
([msg=92218]see Re: next step in mapping home network[/msg])

Thanks. That helps a lot. So what happens when I can find all of the flaws in Metasploit?
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: next step in mapping home network

Post by limdis on Thu Apr 28, 2016 7:20 pm
([msg=92228]see Re: next step in mapping home network[/msg])

Metasploitable2 is a vulnerable VM designed for use during the Metasploit Unleashed course. Just because it is for the course does not mean you can't use it to test your tools however. It just provides a legal medium to do so.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Addict
Addict
 
Posts: 1657
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: next step in mapping home network

Post by ghostheadx2 on Fri Apr 29, 2016 12:53 am
([msg=92231]see Re: next step in mapping home network[/msg])

So its sort of there to be exploited. Cool. So I wouldn't mind if I do. So then, I'll get to doing this pretty soon but first, should I probably try each of the different scans and post my interpretations of the results with research on each one? Or is that against the rules of the forum site? I want to know before I do it.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests