Re: [gentoo-user] nmap - device name.

[thelma]

On 02/11/2017 02:10 PM, Nils Freydank wrote:
> Hi Thelma and others,
> 
> On Fri Feb 10 2017, 18:34:34 CET wrote the...@sys-concept.com:
>> When I scan my local network:
>> nmap  -sn 10.10.0.0/24
>>
>> It prints all the devices connected to it but sometimes it prints the
>> device "name" and sometimes it doesn't eg:
>>
>> Nmap scan report for iaxy (10.0.0.108)
>> Host is up (-0.095s latency).
>> MAC Address: 00:0F:D3:00:30:DD (Digium)
>>
>> Nmap scan report for 10.10.0.3
>> Host is up (0.00017s latency).
>> MAC Address: 54:7F:54:76:61:0D (Ingenico)
>>
>> "...for "name" + IP"
>> "...for + IP
>>
>> Where is it taking the "name" from?
>> It would like to assign a label "name" to all devices.
>> --
>> Thelma
> 
> I’d say that the name "iaxy" is a via DNS (reverse) resolved hostname; maybe
> there is a DNS server running (or there are entries in /etc/hosts) or it’s 
> just
> zeroconf/bonjour[1], which runs nowadays virtually everywhere.
> 
> The other part looks to me as vendors names nmap got from the MAC addresses
> which first parts are vendor specific.
> 
> A quick search[2] gave me these two results (beside some other ones) who seem
> to confirm my thoughts:
> 
> http://superuser.com/questions/702309/how-to-get-device-name-from-scan-like-nmap-on-linux
> http://stackoverflow.com/questions/27817412/why-nmap-sometimes-does-not-show-device-name
> 
> [1] https://en.wikipedia.org/wiki/Zero-configuration_networking
> [2] https://duckduckgo.com/?q=nmap+device+names=ffab=qa
> 
> Hope that helps you :)
> 
> PS: What exactly does '-sn' (or is it just a typo)? My nmap doesn't complain
> when I use it, but the manpage only knows about '-sN' here
> (net-analyzer/nmap-7.40).

-sn: Ping Scan - disable port scan

The only difference between the two networks that I'm aware of is one
runs dd-wrt on Linksys router and the other (with names showing) runs on
Asus NT-R16 router.

Non of them run DNS server to my knowledge.
--
Thelma

Re: [gentoo-user] nmap - device name.

[Nils Freydank]

Hi Thelma and others,

On Fri Feb 10 2017, 18:34:34 CET wrote the...@sys-concept.com:
> When I scan my local network:
> nmap  -sn 10.10.0.0/24
> 
> It prints all the devices connected to it but sometimes it prints the
> device "name" and sometimes it doesn't eg:
> 
> Nmap scan report for iaxy (10.0.0.108)
> Host is up (-0.095s latency).
> MAC Address: 00:0F:D3:00:30:DD (Digium)
> 
> Nmap scan report for 10.10.0.3
> Host is up (0.00017s latency).
> MAC Address: 54:7F:54:76:61:0D (Ingenico)
> 
> "...for "name" + IP"
> "...for + IP
> 
> Where is it taking the "name" from?
> It would like to assign a label "name" to all devices.
> --
> Thelma

I’d say that the name "iaxy" is a via DNS (reverse) resolved hostname; maybe
there is a DNS server running (or there are entries in /etc/hosts) or it’s just
zeroconf/bonjour[1], which runs nowadays virtually everywhere.

The other part looks to me as vendors names nmap got from the MAC addresses
which first parts are vendor specific.

A quick search[2] gave me these two results (beside some other ones) who seem
to confirm my thoughts:

http://superuser.com/questions/702309/how-to-get-device-name-from-scan-like-nmap-on-linux
http://stackoverflow.com/questions/27817412/why-nmap-sometimes-does-not-show-device-name

[1] https://en.wikipedia.org/wiki/Zero-configuration_networking
[2] https://duckduckgo.com/?q=nmap+device+names=ffab=qa

Hope that helps you :)

PS: What exactly does '-sn' (or is it just a typo)? My nmap doesn't complain
when I use it, but the manpage only knows about '-sN' here
(net-analyzer/nmap-7.40).

-- 
Nils Freydank
GnuPG-Key: 0x44594171807206CF @ hkp://keys.gnupg.net
   fpr: AA2D 5CC0 0457 297F 6164  3911 4459 4171 8072 06CF

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] nmap - device name.

[thelma]

On 02/11/2017 11:33 AM, Stroller wrote:
> 
>> On 11 Feb 2017, at 01:34, the...@sys-concept.com wrote:
>>
>> Nmap scan report for iaxy (10.0.0.108)
>> Nmap scan report for 10.10.0.3
> 
> The first things I would do is look up those IPs myself.
> 
>>From the host running nmap, I'd first try running nslookup on 10.0.0.108 and 
>>10.10.0.3.
> 
> Ultimately the question would seem to be whether nmap is getting those names 
> through local name resolution, or whether its some kind of nmap "magic" 
> performed during the port-scan. 
> 
> Stroller.

Yes, the command was run on two different networks: 10.0.0.0 and 10.10.0.0

So it must have something to do with network setup.

--
Thelma

Re: [gentoo-user] nmap - device name.

[Stroller]

> On 11 Feb 2017, at 01:34, the...@sys-concept.com wrote:
> 
> Nmap scan report for iaxy (10.0.0.108)
> Nmap scan report for 10.10.0.3

The first things I would do is look up those IPs myself.

From the host running nmap, I'd first try running nslookup on 10.0.0.108 and 
10.10.0.3.

Ultimately the question would seem to be whether nmap is getting those names 
through local name resolution, or whether its some kind of nmap "magic" 
performed during the port-scan. 

Stroller.

Re: [gentoo-user] nmap - device name.

[Adam Carter]

On Sat, Feb 11, 2017 at 1:09 PM,  wrote:

> On 02/10/2017 06:34 PM, the...@sys-concept.com wrote:
> > When I scan my local network:
> > nmap  -sn 10.10.0.0/24
> >
> > It prints all the devices connected to it but sometimes it prints the
> > device "name" and sometimes it doesn't eg:
> >
> > Nmap scan report for iaxy (10.0.0.108)
> > Host is up (-0.095s latency).
> > MAC Address: 00:0F:D3:00:30:DD (Digium)
> >
> > Nmap scan report for 10.10.0.3
> > Host is up (0.00017s latency).
> > MAC Address: 54:7F:54:76:61:0D (Ingenico)
> >
> > "...for "name" + IP"
> > "...for + IP
> >
> > Where is it taking the "name" from?
> > It would like to assign a label "name" to all devices.
>
> The device name have something to do with network configuration as I
> have two networks, one display devices name the other doesn't.
> eg. both devices are "audiocodes"
>
> Nmap scan report for 10.10.0.8
> Host is up (0.0010s latency).
> MAC Address: 00:90:8F:1D:FF:F1 (Audio Codes)
>
> Nmap scan report for audiocodes (10.0.0.110)
> Host is up (0.00075s latency).
> MAC Address: 00:90:8F:1D:FF:7F (Audio Codes)
>
>
The first half of MAC addresses is the vendor code (aka organisationally
unique identifier)
https://en.wikipedia.org/wiki/MAC_address

You can look them up and you often seem network chipset vendor names like
Intel, Broadcom etc, or in your case "AUDIO CODES LTD."
http://www.macmonster.co.uk/macoui=00908F

Re: [gentoo-user] nmap - device name.

[thelma]

On 02/10/2017 06:34 PM, the...@sys-concept.com wrote:
> When I scan my local network:
> nmap  -sn 10.10.0.0/24
> 
> It prints all the devices connected to it but sometimes it prints the
> device "name" and sometimes it doesn't eg:
> 
> Nmap scan report for iaxy (10.0.0.108)
> Host is up (-0.095s latency).
> MAC Address: 00:0F:D3:00:30:DD (Digium)
> 
> Nmap scan report for 10.10.0.3
> Host is up (0.00017s latency).
> MAC Address: 54:7F:54:76:61:0D (Ingenico)
> 
> "...for "name" + IP"
> "...for + IP
> 
> Where is it taking the "name" from?
> It would like to assign a label "name" to all devices.

The device name have something to do with network configuration as I
have two networks, one display devices name the other doesn't.
eg. both devices are "audiocodes"

Nmap scan report for 10.10.0.8
Host is up (0.0010s latency).
MAC Address: 00:90:8F:1D:FF:F1 (Audio Codes)

Nmap scan report for audiocodes (10.0.0.110)
Host is up (0.00075s latency).
MAC Address: 00:90:8F:1D:FF:7F (Audio Codes)

--
Thelma

[gentoo-user] nmap - device name.

[thelma]

When I scan my local network:
nmap  -sn 10.10.0.0/24

It prints all the devices connected to it but sometimes it prints the
device "name" and sometimes it doesn't eg:

Nmap scan report for iaxy (10.0.0.108)
Host is up (-0.095s latency).
MAC Address: 00:0F:D3:00:30:DD (Digium)

Nmap scan report for 10.10.0.3
Host is up (0.00017s latency).
MAC Address: 54:7F:54:76:61:0D (Ingenico)

"...for "name" + IP"
"...for + IP

Where is it taking the "name" from?
It would like to assign a label "name" to all devices.
--
Thelma