Today I decided to Nmap my network since we statically assign our own IP addresses, and I thought it would be helpful to have a table to list what IP address goes to which network device. At the end of the nmap it lists a few IP addresses that we didn't set up and I am having problems figuring out what is going on with them.
Here are the results from the Nmap; it's all internal IP addresses.
Code:
Starting Nmap 4.62 ( http://nmap.org ) at 2009-02-26 11:02 CST
Host 192.168.2.1 appears to be up.
MAC Address: 00:1D:7E:1B:87:89 (Cisco-Linksys)
Host 192.168.2.68 appears to be up.
MAC Address: 00:11:50:BF:9A:FB (Belkin)
Host 192.168.2.113 appears to be up.
MAC Address: 00:18:F3:36:17:50 (Asustek Computer)
Host 192.168.2.115 appears to be up.
MAC Address: 00:06:5B:52:D6:BA (Dell Computer)
Host 192.168.2.119 appears to be up.
MAC Address: 00:06:5B:17:F8:E9 (Dell Computer)
Host 192.168.2.127 appears to be up.
MAC Address: 00:1E:8C:A7:8E:E1 (Asustek Computer)
Host 192.168.2.130 appears to be up.
MAC Address: 00:19:DB:C4:81:03 (Micro-star International CO.)
Host 192.168.2.132 appears to be up.
MAC Address: 00:40:2B:44:BB:50 (Trigem Computer)
Host 192.168.2.133 appears to be up.
MAC Address: 00:19:21:D0:8C:8A (Elitegroup Computer System Co.)
Host 192.168.2.202 appears to be up.
MAC Address: 00:80:F0:58:68:1A (Panasonic Communications Co.)
Host 192.168.2.203 appears to be up.
MAC Address: 00:80:F0:58:67:6A (Panasonic Communications Co.)
Host 192.168.2.204 appears to be up.
MAC Address: 00:80:F0:58:68:19 (Panasonic Communications Co.)
Host 192.168.2.205 appears to be up.
MAC Address: 00:80:F0:A0:CB:D0 (Panasonic Communications Co.)
Host 192.168.2.206 appears to be up.
MAC Address: 00:0C:76:FD:C5:60 (Micro-star International CO.)
Host 192.168.2.222 appears to be up.
Host 192.168.2.223 appears to be up.
MAC Address: 00:14:6C:86:59:16 (Netgear)
Stats: 0:07:31 elapsed; 768 hosts completed (16 up), 0 undergoing Ping Scan
Ping Scan Timing: About 14.53% done; ETC: 11:33 (0:23:40 remaining)
Stats: 0:24:14 elapsed; 768 hosts completed (16 up), 0 undergoing Ping Scan
Ping Scan Timing: About 75.02% done; ETC: 11:33 (0:06:54 remaining)
Host 192.168.34.17 appears to be up.
Host 192.168.34.18 appears to be up.
Host 192.168.34.21 appears to be up.
Host 192.168.34.22 appears to be up.
The IP addresses at 192.168.34.17, 34.18, 34.21, 34.22 are the ones in question.
Any ideas as to what this could be or what I should do to find out? Also, port scanning these IP addresses shows that there are no listening services.
Almost forgot: a traceroute to these IP addresses shows a hop off our local network and on to our ISP and to a backbone connection, then it gets filtered out....
Using nmap, use '-O' to try and determine the operating system... From that output, you can also see the MAC address. Use this URL to look up the MAC and see what kind of hardware it is:
Starting Nmap 4.62 ( http://nmap.org ) at 2009-02-26 15:47 CST
All 1715 scanned ports on 192.168.34.17 are filtered
Too many fingerprints match this host to give specific OS details
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 335.857 seconds
Sorry, I didn't catch the different octets... If they are not in the same broadcast domain then you won't be able to determine the MAC addresses.
What is your nmap scanner's IP and subnet mask? Please post the output of 'ifconfig -a'.
If the hosts are on the same subnet, then you can ping them, and then check your ARP table ('arp -a') for a MAC address. Then look up the MACs in the link above to find out what kind of hardware it is.
If that doesn't work, then you'll need to have access to the switch (if it's managed and you can log into it) to trace the mac through the switch ports and find out where it's plugged in.
Last edited by JulianTosh; 02-26-2009 at 06:20 PM.
I am suddenly very interested in this also.
Just for kicks, I ran that same nmap command on my LAN.
My desktop, a Linksys router, and 2 Linux game/web servers
are on static IPs connected to the internet via the Cayman DSL router.
Never seen those 192.168.34.xxx addresses until tonight....
Code:
[root@p43000 ~]# nmap -sP 192.168.0.0/16
Starting Nmap 4.52 ( http://insecure.org ) at 2009-02-26 20:03 CST
Host 192.168.1.25 appears to be up.
MAC Address: 00:30:48:24:13:06 (Supermicro Computer)
Host p43000.new3 (192.168.1.33) appears to be up.
Host 192.168.1.41 appears to be up.
MAC Address: 00:30:48:71:CA:3E (Supermicro Computer)
Host 192.168.1.43 appears to be up.
MAC Address: 00:1C:10:18:5E:E4 (Cisco-Linksys)
Host 192.168.1.254 appears to be up.
MAC Address: 00:00:89:1C:C8:7A (Cayman Systems)
Host 192.168.34.17 appears to be up.
Host 192.168.34.18 appears to be up.
Host 192.168.34.21 appears to be up.
Host 192.168.34.22 appears to be up.
Paste the output. If there's just a simple default gateway pointing to a firewall/router, then do the same command from that host. Post that output as well.
Can you run the same command from 192.168.1.254? We need to find a firewall/router directly connected to the 192.168.34.x network so we can get ARP information and determine the type of device this is.
Ok.. you're fine. The hosts responding to pings are misconfigured and out on the internet somewhere. Those addresses should not be publicly routable, so I'm going to say it's another subscriber on your ISP.
If you were to use a proper subnet prefix when scanning your internal network with nmap (/24 instead of /16 or 255.255.255.0) then you would not have seen them.
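The conclusion of the thread, as an added example that is not part of any poster's message: a small parser for the `nmap -sP` output format shown above that separates on-link hosts (inside the local prefix, MAC learned via ARP) from responders outside it, which can only have been reached through the default gateway. The `192.168.2.0/24` prefix for the first poster's LAN is an assumption taken from the /24 suggested in the last reply, the function names are hypothetical, and the sample is a shortened excerpt of the first scan.

```python
import ipaddress
import re

# Shortened excerpt of the first post's ping-scan output (same line format).
SCAN_OUTPUT = """\
Host 192.168.2.1 appears to be up.
MAC Address: 00:1D:7E:1B:87:89 (Cisco-Linksys)
Host 192.168.2.222 appears to be up.
Host 192.168.2.223 appears to be up.
MAC Address: 00:14:6C:86:59:16 (Netgear)
Host 192.168.34.17 appears to be up.
Host 192.168.34.18 appears to be up.
"""

# Matches both "Host 1.2.3.4 appears ..." and "Host name (1.2.3.4) appears ..."
HOST_RE = re.compile(r"^Host (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)? appears to be up\.$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)$")

def parse_ping_scan(text):
    """Return [{'ip', 'mac', 'vendor'}, ...] in scan order."""
    hosts = []
    for line in map(str.strip, text.splitlines()):
        m = HOST_RE.match(line)
        if m:
            hosts.append({"ip": ipaddress.ip_address(m.group(1)), "mac": None, "vendor": None})
            continue
        m = MAC_RE.match(line)
        if m and hosts and hosts[-1]["mac"] is None:
            # A MAC line belongs to the Host line directly before it.
            hosts[-1]["mac"], hosts[-1]["vendor"] = m.groups()
    return hosts

def classify(hosts, local_net):
    """Bucket hosts by whether they sit inside the scanner's own prefix."""
    net = ipaddress.ip_network(local_net)
    result = {"on_link": [], "local_no_mac": [], "off_subnet": []}
    for h in hosts:
        if h["ip"] not in net:
            result["off_subnet"].append(str(h["ip"]))    # reached via the gateway
        elif h["mac"]:
            result["on_link"].append(str(h["ip"]))       # answered ARP on the LAN
        else:
            result["local_no_mac"].append(str(h["ip"]))  # typically the scanner itself
    return result

if __name__ == "__main__":
    for bucket, ips in classify(parse_ping_scan(SCAN_OUTPUT), "192.168.2.0/24").items():
        print(f"{bucket}: {', '.join(ips)}")
```

Nmap prints no MAC line for the machine it runs on, so an in-prefix host without one (192.168.2.222 here) is usually the scanner, while every `off_subnet` entry is a reminder that the scan range was wider than the LAN.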