Re: Network diagram information

[Rich Payne]

cyclic redundency check (I think). Are you trying to load from CD-ROM or 
floppy? Either the hardware you are loading from is bad, the media is bad 
(unlikely since it seems you've tried many) or you've got a memory 
problem in the system. Could be bad memory, bad cache etcit's probably 
worth reseating the memory and/or pulling out a DIMM/SIMM etc...

--rdp

On Wed, 20 Feb 2002, Andrew cr wrote:

> 
> 
> I have been trying to install linux on my pent 100 for days...i have 
> many machines and this machine is giving me the following message for any 
> linux dist i have tried whether redhat , slackware , debian , etc
> 
> crc error
> 
>   --system halt
> 
> when the kernel boots up vmlinuz is when i get this message
> can someone explain what crc is ?? i have no clue and need to know whether 
> its hardware issue like bios or what
> 
> _
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx
> 
> 
> 
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
> 

-- 
Rich Payne
http://talisman.mv.com


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[Andrew cr]

I have been trying to install linux on my pent 100 for days...i have 
many machines and this machine is giving me the following message for any 
linux dist i have tried whether redhat , slackware , debian , etc

crc error

  --system halt

when the kernel boots up vmlinuz is when i get this message
can someone explain what crc is ?? i have no clue and need to know whether 
its hardware issue like bios or what

_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

RE: Network diagram information

[Kenneth E. Lussier]

Quoting "Mansur, Warren" <[EMAIL PROTECTED]>:

> >  nmap scans hosts and reports if they are up, and what ports are open.
> 
> Just a quick question.  Does nmap rely on being able to connect to a
> particular website to download the TCP fingerprints, or are they
> included with the program when installed?  For some reason I can't seem
> to use nmap when I'm behind the corporate firewall, even on local nodes.

Nmap is completely self contained. It doesn't depend on anything other than it's own 
built-in code. If you are having trouble, there are a lot of things that can effect 
it. To have access to all of the features, you need to be logged in as root. Also, if 
you are scanning a system that is inside of the network, and all of the traffic is 
going through a switch, the switch may be effecting it. Try slowing down the speed of 
the scan, and randomizing the port order. Also, shut off ICMP ping, tcp ping, and 
"ping host before scanning". It is possible that a switch or firewall will block these 
things. If you are truing to scan a system ouside of the firewall, then it is most 
likly being blocked. 

FYI,
Kenny




-
"There's nothing you shouldn't speak of if you've got 
 something to say, and there's no one to be scared of, 
 just get them out of your way."  -- The Alarm

*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[Benjamin Scott]

On Mon, 18 Feb 2002, Jim McGlaughlin wrote:
> I guess any question on this forum is sure to promote discussion.  

  Likely so.  This can generally be considered a Good Thing.  :-)

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[Jim McGlaughlin]

Thanks for the answers to my question.

I guess any question on this forum is sure to promote discussion.

It will take a while to research all the information given.

Thanks again
Jim McGlaughlin



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

RE: Network diagram information

[Benjamin Scott]

On Sun, 17 Feb 2002, Mansur, Warren wrote:
> Just a quick question.  Does nmap rely on being able to connect to a
> particular website to download the TCP fingerprints, or are they included
> with the program when installed?

  AFAIK, nmap is completely self-contained, although I haven't looked at the
code.

> For some reason I can't seem to use nmap when I'm behind the corporate
> firewall, even on local nodes.

  There are other things that could interfere.  Your system might not have
all the right network access support configured (raw sockets and the like),
or you might lack sufficient privileges if you are not running as root.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Port Vs. Vulnerability scanners (was Re: Network diagram information)

[Paul Lussier]

In a message dated: Sun, 17 Feb 2002 20:33:54 EST
"Kenneth E. Lussier" said:

>Nessus can do nasty things to a system, and to a network as a whole if
>it isn't used correctly, wisely, and carefully.

Oh, didn't know that.

>> Can you explain a little more about the differences
>
>Nessus, on the other hand, is a vulnerability scanner. As part of it's
>process, it performs a port scan to see what is open. Nessus has the
>ability to use Nmap as it's plug-in port scanner. Port scaning is just
>the first step. It scans for open ports, then once it knows what is
>open, it checks the services that are running. For example, if it
>finds port 21 open, it will check to see of an ftp server is actually
>running on that port, and if so, which one. It will then attempt to
>exploit holes in the given service (buffer overflows, file
>permissions, anonymous exploits, etc.). If it finds holes, it will
>tell you what the problems are, and most times, it will tell you how
>to fix them. 

Ohh!  H, sounds like fun at the very least, but you're 
right, not the right tool for what I was suggesting :)
-- 

Seeya,
Paul


  God Bless America!

 If you're not having fun, you're not doing it right!

...we don't need to be perfect to be the best around,
and we never stop trying to be better. 
   Tom Clancy, The Bear and The Dragon



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

RE: Network diagram information

[Cole Tuininga]

On Sun, 2002-02-17 at 21:51, Mansur, Warren wrote:
> >  nmap scans hosts and reports if they are up, and what ports are open.
> 
> Just a quick question.  Does nmap rely on being able to connect to a
> particular website to download the TCP fingerprints, or are they
> included with the program when installed?  

I think it's built in...

> For some reason I can't seem
> to use nmap when I'm behind the corporate firewall, even on local nodes.
> Thanks in advance.

My understanding is that nmap uses ICMP requests to figure out the
remote OS.  Because ICMP is connectionless, if you're Nat'ing, you may
have a hard time getting the results back (depending on how the company
firewall is configured).


-- 
"If Al Gore invented the Internet, I invented spell check."
-- Dan Quayle

Cole Tuininga
Lead Developer
Code Energy, Inc
[EMAIL PROTECTED]
(603) 766-2208
PGP Key ID: 0x43E5755D


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

RE: Network diagram information

[Mansur, Warren]

>  nmap scans hosts and reports if they are up, and what ports are open.

Just a quick question.  Does nmap rely on being able to connect to a
particular website to download the TCP fingerprints, or are they
included with the program when installed?  For some reason I can't seem
to use nmap when I'm behind the corporate firewall, even on local nodes.
Thanks in advance.

Warren

*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Port Vs. Vulnerability scanners (was Re: Network diagram information)

[Kenneth E. Lussier]

[EMAIL PROTECTED] wrote:

> >>   2. use nessus or something like that to then  scan the live
> >>IP addresses for open ports.
> >
> >DON'Y USE NESSUS!!
> 
> So what exactly are you trying to say here?

I'm trying to say that there is a correct tool for every job, and that
just isn't it. Nessus can do nasty things to a system, and to a
network as a whole if it isn't used correctly, wisely, and carefully.
It also should not be run unattended because of the bad things that it
can do.

> > Nessus is for security auditing and vulnerability
> >assessment. Use nmap. Nmap is command-line friendly, faster, and is
> >more targeted to the job at hand. Nessus is extreme over-kill. Not to
> >mention the fact that it might just take down your router, or any
> >Windows boxen that get in it's way ;-)
> 
> Can you explain a little more about the differences between nessus
> and nmap. (I actually meant nmap above, but couldn't think of the
> name, and nessus is all that came to mind :)

Nmap is a port scanner and Nessus is a vulnerability scanner. A port
scanner runs through the list of ports (1-65535) and checks for a
response. If a response is received, then the port is open. If not,
the port is closed. That's it. Nmap has some great features that make
it better than most, such as the ability to randomize the order of the
scan, multiple scan types (xmas, fin, sys, connect, half-open, etc),
niceness, etc.. However, it is still just a port scanner.

Nessus, on the other hand, is a vulnerability scanner. As part of it's
process, it performs a port scan to see what is open. Nessus has the
ability to use Nmap as it's plug-in port scanner. Port scaning is just
the first step. It scans for open ports, then once it knows what is
open, it checks the services that are running. For example, if it
finds port 21 open, it will check to see of an ftp server is actually
running on that port, and if so, which one. It will then attempt to
exploit holes in the given service (buffer overflows, file
permissions, anonymous exploits, etc.). If it finds holes, it will
tell you what the problems are, and most times, it will tell you how
to fix them. There are many commercial vulnerability scanners out
there like ISS, RetnaScan, and others. 

C-Ya,
Kenny
-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0D2BA57

*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[Benjamin Scott]

On Sun, 17 Feb 2002 [EMAIL PROTECTED] wrote:
> Can you explain a little more about the differences between nessus and
> nmap.

  nmap scans hosts and reports if they are up, and what ports are open.

  Nessus scans for vulnerabilities.  For example, "Does this system crash
when sent an over-size ICMP packet?"  It might test that by sending an
over-size ICMP packet.  If the system crashes, it is vulnerable.  Granted,
not all of the tests are so, um, intrusive, but you can see the potential
for problems.  Even if you select less hostile tests, it will still use more
resources than a simple ping scan.

  Another thing the OP might want to check out is OpenNMS, at
.  I've never actually used it, but we had someone
give a talk on it at a GNHLUG meeting once.  :-)

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[Bruce Dawson]

You may want to check out 'scotty' - TCL based network discovery tool 
kit. I believe you'll want the 'tkined' program in that package.

Jim McGlaughlin wrote:

> GNHLUGers
> 
> I am looking for an information resource that discusses command line utilities and 
>how to use them to figure out network hierarchy, in the form of parent/child IP 
>addresses.
> 
> I am hoping to be able to use these tools from inside a scripting language like 
>Python.
> 
> In general I think the technique is:
> 
>   ping all the possible address on the network in question.
> 
>   For the responding devices do a traceroute, this tells you what devices cross 
>networks.
> 
>   Use an SNMP tool to find out if the device is a managed switch or router,
>   if so, get more info.
> 
> I have found tools that do the whole thing for you but I am interested in the 
>process and how it works.  If I can find the info I am looking for I will use it to 
>learn Python.
> 
> Thanks,
> 
> Jim McGlaughlin
> 
> 
> 
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
> 



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[plussier]

In a message dated: Sun, 17 Feb 2002 13:15:29 EST
"Kenneth E. Lussier" said:

>>   2. use nessus or something like that to then  scan the live
>>IP addresses for open ports.
>
>DON'Y USE NESSUS!!

So what exactly are you trying to say here?

> Nessus is for security auditing and vulnerability
>assessment. Use nmap. Nmap is command-line friendly, faster, and is
>more targeted to the job at hand. Nessus is extreme over-kill. Not to
>mention the fact that it might just take down your router, or any
>Windows boxen that get in it's way ;-)

Can you explain a little more about the differences between nessus 
and nmap. (I actually meant nmap above, but couldn't think of the 
name, and nessus is all that came to mind :)
 
>You could also do a comparison of response times to estimate relative
>physical position of the system in relation to the system the program
>is running on. This, of course, would be highly unreliable, but it
>could be done.

Ahm, yeah, and a lot more mathematically challenging than anyone 
would *really* be interested in tackling, I'd bet :)

>This requires the router/gateway to be running snmp. Given the recent
>talk of the evils of snmp, this could be a problem.

Yeah, right, sure.  And no one out there is running Exchange/Outlook 
anymore because of all the recent discussion of why *that* 
combination is evil :)


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[Kenneth E. Lussier]

[EMAIL PROTECTED] wrote:
[SNIP...]

> The automated tool sets do little to organize the diagram of the
> network it "auto-discovers" other than just show you what's connected
> to a specific ethernet "segment".  They won't show you what's a
> server of what, what's a client of what, etc.  Usually, the
> network/system administrator already knows that, and is just trying
> to save some time from having to draw things themselves.

It depends on the tool set. Something like NPulse scans the network,
and continuously monitors all of the ports on all of the machines that
it finds. So, in a way, it does tell you what is serving what. Also,
most sniffers will tell you which direction traffic is going, and what
is serving what. EtherApe has a nice GUI representation of traffic
flow, as does Cheops.
  
> What you might want to do is this:
> 
>   1. use something like fping to ping a subnet and find live IP
>addresses.

If you know the IP address of the system you are on, you can scan the
subnet that it is on. Most switches, however, won't allow a brodcast,
directed or not,  to cross. 

>   2. use nessus or something like that to then  scan the live
>IP addresses for open ports.

DON'Y USE NESSUS!! Nessus is for security auditing and vulnerability
assessment. Use nmap. Nmap is command-line friendly, faster, and is
more targeted to the job at hand. Nessus is extreme over-kill. Not to
mention the fact that it might just take down your router, or any
Windows boxen that get in it's way ;-)
 
>   3. For each IP with open ports, draw a picture or make some
>notation that will list each open port on that IP address.
> 
> Now you have a complete list of active IPs on a subnet with a list of
> open ports on each active system.  From this you should be able to
> determine which ones are servers and which ones are clients.

You could also do a comparison of response times to estimate relative
physical position of the system in relation to the system the program
is running on. This, of course, would be highly unreliable, but it
could be done.
 
> Obviously certain IP addresses are likely to be gateways or IP
> addresses of routers or managed hubs/switches, in which case there
> won't, or shouldn't, be any open  ports.  You could then probe each
> on using snmp to determine the manufacturer and model name of the
> equipment.

This requires the router/gateway to be running snmp. Given the recent
talk of the evils of snmp, this could be a problem.

C-Ya,
Kenny
-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0D2BA57

*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Re: Network diagram information

[plussier]

In a message dated: Sun, 17 Feb 2002 12:40:09 EST
Jim McGlaughlin said:

> I am looking for an information resource that discusses command
> line utilities and how to use them to figure out network
> hierarchy, in the form of parent/child IP addresses.
[...snip...]
>I have found tools that do the whole thing for you but I am
> interested in the process and how it works.  If I can find the
> info I am looking for I will use it to learn Python.


I've found over the years, and this especially goes for the automated 
net mapping tools, that the "parent/child" relationship is one that 
can be determined only if you already know the basic network design
to begin with.

For example, who determines if the IP address is one of a "parent" or 
a "child"?  The person who designed the network in the first place.
Here's a question, is the default gateway IP a parent or a child?  
What about the NFS server? The DNS or NIS server ?

The automated tool sets do little to organize the diagram of the 
network it "auto-discovers" other than just show you what's connected 
to a specific ethernet "segment".  They won't show you what's a 
server of what, what's a client of what, etc.  Usually, the
network/system administrator already knows that, and is just trying 
to save some time from having to draw things themselves.

What you might want to do is this:

1. use something like fping to ping a subnet and find live IP 
   addresses.
2. use nessus or something like that to then  scan the live 
   IP addresses for open ports.
3. For each IP with open ports, draw a picture or make some 
   notation that will list each open port on that IP address.

Now you have a complete list of active IPs on a subnet with a list of 
open ports on each active system.  From this you should be able to 
determine which ones are servers and which ones are clients.

Obviously certain IP addresses are likely to be gateways or IP 
addresses of routers or managed hubs/switches, in which case there 
won't, or shouldn't, be any open  ports.  You could then probe each 
on using snmp to determine the manufacturer and model name of the 
equipment.

Does that help?

Oh, by the way, you should check out scotty and tkined.  They do a 
lot of this stuff already.  They won't help you learn python, but 
they will help you monitor your network, and you can dig into the 
code to see how they do certain things.


*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*

Network diagram information

[Jim McGlaughlin]

GNHLUGers

I am looking for an information resource that discusses command line utilities and how 
to use them to figure out network hierarchy, in the form of parent/child IP addresses.

I am hoping to be able to use these tools from inside a scripting language like Python.

In general I think the technique is:

ping all the possible address on the network in question.

For the responding devices do a traceroute, this tells you what devices cross 
networks.

Use an SNMP tool to find out if the device is a managed switch or router,
if so, get more info.

I have found tools that do the whole thing for you but I am interested in the process 
and how it works.  If I can find the info I am looking for I will use it to learn 
Python.

Thanks,

Jim McGlaughlin



*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*