On 10/22/10 1:50 PM, MB Software Solutions General Account wrote:
> I run this program called IPSCAN and some users laptops show up; others
> don't. What would prevent a user's laptop from showing up? I'm trying to
> run SpiceWorks too (thanks for the link, Profoxers), and other users
> laptops are not showing. I'm guessing I need to change something on their
> computer settings to allow access.
As others have stated, those "invisible" laptops are likely hidden from view
because
of Windows Firewall settings that are set not to respond to ICMP messages. A
bad
idea, IMO, but what can you do[1].
If you have access to a system that all computers on the network need to
access, such
as the perimeter firewall or a server or something, you can check that system's
arp
cache, which will give you the hardware address and the ip address of all
recent
network neighbors.
I'm not sure if this is available on Windows or not, but here's an example run
right
now on one of my perimeter firewalls (it's a Sunday, and not many people are
working
right now):
{{{
pmcn...@linserver:~$ arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.101.2 ether 00:0C:29:D0:06:B5 C eth1
192.168.101.17 ether 00:19:B9:D4:59:E2 C eth1
192.168.101.11 ether 00:25:64:DD:0D:9A C eth1
192.168.101.105 ether 00:1D:09:D4:AE:D5 C eth1
192.168.101.23 ether 00:11:11:D3:7E:EA C eth1
}}}
Perhaps this is good enough for your needs, if you just want to know how many
users
are out there. Once you have the ip address, you could use a port scanning tool
(nmap
for instance) to scan those ip's and find out what ports if any they are
listening on
and the firewall is letting through.
For instance, here's the output of me scanning one of the windows systems
listed in
the arp cache above:
{{{
r...@linserver:~# nmap -A 192.168.101.23
Starting Nmap 4.53 ( http://insecure.org ) at 2010-10-24 09:29 PDT
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on c23.sanbenitoshutter.localdomain (192.168.101.23):
Not shown: 1710 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5900/tcp open vnc VNC (protocol 3.8)
MAC Address: 00:11:11:23:7E:EA (Intel)
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2
Network Distance: 1 hop
Service Info: OS: Windows
OS and Service detection performed. Please report any incorrect results at
http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.905 seconds
}}}
If they are completely locked down and not listening on any ports, then you
wouldn't
be able to identify them. I hope this is interesting and potentially helpful.
Paul
[1] You are implicitly trusting the network interface you join up with, so you
should
therefore have some common courtesy and respond to pings from that network
interface.
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
