ITSC200 Assignment1

Network Asset Management === [TOC] ## Logical topology diagram ![Network Topology](https://hackmd.io/_uploads/rJuV_0FZa.png) ## Asset list | Device | IP | MAC | Hostname | OS | Open ports | |:----------------:|:-------------:|:-----------------:|:---------------:|:---------------:|:------------------------------------------:| | Telus WiFi | 192.168.1.41 | d4:86:60:35:9a:b9 | | Linux 3.2 - 4.9 | T:80,7547,45514,U:1900 | | IP TV | 192.168.1.65 | fc:53:b0:a2:70:73 | | unknown | T:14035,36435,36993 | | iPhone | 192.168.1.66 | 3a:78:c2:c6:0a:fe | Flycatcher | iOS 16 | T:49152,49158,62078,U:5353 | | Kail(Virtualize) | 192.168.1.67 | da:f5:f7:01:90:1d | | Kali GNU/Linux | 65535 closed tcp ports (reset) | | iPad | 192.168.1.73 | 7a:fe:83:d4:4b:70 | iPad | iPadOs 16 | Not booted while scan | | Mac14,2 | 192.168.1.74 | 1c:57:dc:78:7b:81 | Furnace | macOS 14 | T:53,5000,7000,58725,U:137,5353 | | Window Desktop | 192.168.1.75 | b0:7d:64:b2:9c:b0 | DESKTOP-9VKEPT2 | Windows10 22H2 | Not booted while scan | | SteamDeck | 192.168.1.76 | 50:5a:65:24:1f:75 | steamdeck | SteamOS Holo | T:5355,8081,27036 | | iPhone | 192.168.1.79 | e6:2b:49:f7:16:68 | iPhone | iOS 16 | T:49152,49153,62078,U:5353 | | Telus NH20A | 192.168.1.254 | 60:8d:26:0f:49:48 | | Linux 3.2 - 4.9 | T:53,80,443,10053,45514,48657,U:53,67,1900 | ## Scans history ``` nmap -n -sn 192.168.1.0/24 -oG - \| awk '/Up$/{print $2}' >> hostlist.txt ``` :clock1: 2023-10-14 13:25 > Quick rundown of options and commands: > - -n turns off reverse name resolution, since you just want IP addresses. On a local LAN this is probably the slowest step, too, so you get a good speed boost. > - -sn means "Don't do a port scan." It's the same as the older, deprecated -sP with the mnemonic "ping scan." > - -oG - sends "grepable" output to stdout, which gets piped to awk. > - /Up$/ selects only lines which end with "Up", representing hosts that are online. > - {print $2} prints the second whitespace-separated field, which is the IP address. > [name=bonsaiviking@stackexchange.com] Output: ```= └─$ cat hostlist.txt 192.168.1.41 192.168.1.65 192.168.1.66 192.168.1.67 192.168.1.74 192.168.1.79 192.168.1.254 ``` --- List MAC addresses by arp: ```= └─$ arp Address HWtype HWaddress Flags Mask Iface 192.168.1.65 ether fc:53:b0:a2:70:73 C eth0 192.168.1.41 ether d4:86:60:35:9a:b9 C eth0 192.168.1.66 ether 3a:78:c2:c6:0a:fe C eth0 192.168.1.73 ether 7a:fe:83:d4:4b:70 C eth0 192.168.1.75 ether b0:7d:64:b2:9c:b0 C eth0 192.168.1.74 ether 1c:57:dc:78:7b:81 C eth0 192.168.1.79 ether e6:2b:49:f7:16:68 C eth0 192.168.1.254 ether 60:8d:26:0f:49:48 C eth0 ``` Somehow we got 2 IPs (`192.168.1.73` and `192.168.1.75`)that didn't been discover by previous scan. It might means they are not active active for now. I would guess they are iPad and my desktop. And notice ..67 doesn't appear in the ARP table, because `192.168.1.67` is kali itself. --- ``` sudo nmap -iL hostlist.txt -sS -p- -T4 ``` :clock1: 2023-10-14 13:39 Output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-14 13:39 MDT Stats: 0:07:26 elapsed; 1 hosts completed (5 up), 5 undergoing SYN Stealth Scan SYN Stealth Scan Timing: About 92.38% done; ETC: 13:47 (0:00:37 remaining) Nmap scan report for 192.168.1.41 Host is up (0.017s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE 80/tcp open http 7547/tcp open cwmp 45514/tcp open cloudcheck MAC Address: D4:86:60:35:9A:B9 (Arcadyan) Nmap scan report for 192.168.1.65 Host is up (0.028s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE 14035/tcp open unknown 36435/tcp open unknown 36993/tcp open unknown MAC Address: FC:53:B0:A2:70:73 (Unknown) Nmap scan report for 192.168.1.74 Host is up (0.00049s latency). Not shown: 65477 closed tcp ports (reset), 54 filtered tcp ports (no-response) PORT STATE SERVICE 53/tcp open domain 5000/tcp open upnp 7000/tcp open afs3-fileserver 58725/tcp open unknown MAC Address: 1C:57:DC:78:7B:81 (Apple) Nmap scan report for 192.168.1.79 Host is up (0.021s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE 49152/tcp open unknown 49153/tcp open unknown 62078/tcp open iphone-sync MAC Address: E6:2B:49:F7:16:68 (Unknown) Nmap scan report for 192.168.1.254 Host is up (0.0094s latency). Not shown: 65529 closed tcp ports (reset) PORT STATE SERVICE 53/tcp open domain 80/tcp open http 443/tcp open https 10053/tcp open unknown 45514/tcp open cloudcheck 48657/tcp open unknown MAC Address: 60:8D:26:0F:49:48 (Arcadyan) Nmap scan report for 192.168.1.67 Host is up (0.0000010s latency). All 65535 scanned ports on 192.168.1.67 are in ignored states. Not shown: 65535 closed tcp ports (reset) Nmap done: 7 IP addresses (6 hosts up) scanned in 709.05 seconds ``` --- ``` sudo nmap -iL hostlist.txt -sU -T4 ``` :clock1: 2023-10-14 14:31 Output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-14 14:31 MDT Stats: 0:00:05 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 34.49% done; ETC: 14:31 (0:00:09 remaining) Warning: 192.168.1.41 giving up on port because retransmission cap hit (6). Warning: 192.168.1.254 giving up on port because retransmission cap hit (6). Stats: 0:08:40 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 63.22% done; ETC: 14:44 (0:05:02 remaining) Stats: 0:14:42 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 81.56% done; ETC: 14:49 (0:03:19 remaining) Stats: 0:22:48 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 90.98% done; ETC: 14:56 (0:02:16 remaining) Warning: 192.168.1.66 giving up on port because retransmission cap hit (6). Stats: 0:28:43 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 94.57% done; ETC: 15:01 (0:01:39 remaining) Stats: 0:35:04 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 96.35% done; ETC: 15:07 (0:01:20 remaining) Stats: 0:39:41 elapsed; 0 hosts completed (6 up), 6 undergoing UDP Scan UDP Scan Timing: About 98.37% done; ETC: 15:11 (0:00:39 remaining) Nmap scan report for 192.168.1.41 Host is up (0.0090s latency). Not shown: 988 closed udp ports (port-unreach) PORT STATE SERVICE 37/udp open|filtered time 68/udp open|filtered dhcpc 1900/udp open upnp 9199/udp open|filtered unknown 17638/udp open|filtered unknown 19047/udp open|filtered unknown 19605/udp open|filtered unknown 20019/udp open|filtered unknown 20518/udp open|filtered unknown 47808/udp open|filtered bacnet 49213/udp open|filtered unknown 61319/udp open|filtered unknown MAC Address: D4:86:60:35:9A:B9 (Arcadyan) Nmap scan report for 192.168.1.65 Host is up (0.11s latency). All 1000 scanned ports on 192.168.1.65 are in ignored states. Not shown: 1000 closed udp ports (port-unreach) MAC Address: FC:53:B0:A2:70:73 (Unknown) Nmap scan report for 192.168.1.66 Host is up (0.081s latency). Not shown: 773 closed udp ports (port-unreach), 226 open|filtered udp ports (no-response) PORT STATE SERVICE 5353/udp open zeroconf MAC Address: 3A:78:C2:C6:0A:FE (Unknown) Nmap scan report for 192.168.1.74 Host is up (0.00053s latency). Not shown: 995 closed udp ports (port-unreach) PORT STATE SERVICE 53/udp open|filtered domain 67/udp open|filtered dhcps 137/udp open netbios-ns 138/udp open|filtered netbios-dgm 5353/udp open zeroconf MAC Address: 1C:57:DC:78:7B:81 (Apple) Nmap scan report for 192.168.1.79 Host is up (0.070s latency). Not shown: 999 closed udp ports (port-unreach) PORT STATE SERVICE 5353/udp open zeroconf MAC Address: E6:2B:49:F7:16:68 (Unknown) Nmap scan report for 192.168.1.254 Host is up (0.011s latency). Not shown: 990 closed udp ports (port-unreach) PORT STATE SERVICE 37/udp open|filtered time 53/udp open domain 67/udp open|filtered dhcps 1900/udp open upnp 4000/udp open|filtered icq 5060/udp open|filtered sip 16816/udp open|filtered unknown 19503/udp open|filtered unknown 31625/udp open|filtered unknown 49213/udp open|filtered unknown MAC Address: 60:8D:26:0F:49:48 (Arcadyan) Nmap scan report for 192.168.1.67 Host is up (0.0000010s latency). All 1000 scanned ports on 192.168.1.67 are in ignored states. Not shown: 1000 closed udp ports (port-unreach) Nmap done: 7 IP addresses (7 hosts up) scanned in 2896.06 seconds ``` It took 48 minutes to finish. Hopefully I won't need to redo the scan. --- ``` nmap -iL hostlist.txt -sV -O -v -T4 ``` :clock1: 2023-10-14 15:54 Output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-14 15:54 MDT Nmap scan report for 192.168.1.41 Host is up (0.0090s latency). Not shown: 999 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port80-TCP:V=7.94%I=7%D=10/14%Time=652B0E02%P=aarch64-unknown-linux-gnu SF:%r(GetRequest,DC,"HTTP/1\.1\x20302\x20Found\r\nPragma:\x20no-cache\r\nC SF:ache-Control:\x20no-cache\r\nContent-length:\x200\r\nLocation:\x20/logi SF:n\.htm\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:\x201; SF:\x20mode=block\r\nX-Frame-Options:\x20SAMEORIGIN\r\nConnection:\x20clos SF:e\r\n\r\n")%r(HTTPOptions,DC,"HTTP/1\.1\x20302\x20Found\r\nPragma:\x20n SF:o-cache\r\nCache-Control:\x20no-cache\r\nContent-length:\x200\r\nLocati SF:on:\x20/login\.htm\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Prote SF:ction:\x201;\x20mode=block\r\nX-Frame-Options:\x20SAMEORIGIN\r\nConnect SF:ion:\x20close\r\n\r\n")%r(FourOhFourRequest,DC,"HTTP/1\.1\x20302\x20Fou SF:nd\r\nPragma:\x20no-cache\r\nCache-Control:\x20no-cache\r\nContent-leng SF:th:\x200\r\nLocation:\x20/login\.htm\r\nX-Content-Type-Options:\x20nosn SF:iff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nX-Frame-Options:\x20SAM SF:EORIGIN\r\nConnection:\x20close\r\n\r\n"); MAC Address: D4:86:60:35:9A:B9 (Arcadyan) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Nmap scan report for 192.168.1.65 Host is up (0.017s latency). All 1000 scanned ports on 192.168.1.65 are in ignored states. Not shown: 1000 closed tcp ports (reset) MAC Address: FC:53:B0:A2:70:73 (Unknown) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Aggressive OS guesses: IBM InfoPrint 1754 printer (97%), Linux 2.6.38 (93%), Aerohive HiveOS 6.1 (93%), Arris cable modem (Linux 2.6.18) (93%), Arris TG862 WAP (93%), Aruba Instant AP (ArubaOS 6.4.2.6) (93%), Asus RT-AC66U router (Linux 2.6) (93%), AVM FRITZ!Box (FritzOS 6.20) (93%), AVM FRITZ!WLAN Repeater 450E (FritzOS 6.51) (93%), Avocent MergePoint Unity MPU2016DAC KVM switch (93%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop Nmap scan report for 192.168.1.66 Host is up (0.022s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 49152/tcp open unknown 49158/tcp open unknown 62078/tcp open tcpwrapped MAC Address: 3A:78:C2:C6:0A:FE (Unknown) No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=7.94%E=4%D=10/14%OT=49152%CT=1%CU=44579%PV=Y%DS=1%DC=D%G=Y%M=3A78 OS:C2%TM=652B0EB6%P=aarch64-unknown-linux-gnu)SEQ(SP=103%GCD=1%ISR=106%TI=Z OS:%CI=RD%II=RI%TS=21)SEQ(SP=103%GCD=1%ISR=10D%TI=Z%CI=RD%II=RI%TS=21)SEQ(S OS:P=105%GCD=1%ISR=10B%TI=Z%CI=RD%II=RI%TS=21)SEQ(SP=108%GCD=1%ISR=10B%TI=Z OS:%CI=RD%II=I%TS=21)SEQ(SP=FE%GCD=1%ISR=10D%TI=Z%CI=RD%II=RI%TS=21)OPS(O1= OS:M5B4NW5NNT11SLL%O2=M5B4NW5NNT11SLL%O3=M5B4NW5NNT11%O4=M5B4NW5NNT11SLL%O5 OS:=M5B4NW5NNT11SLL%O6=M5B4NNT11SLL)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5= OS:FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=40%W=FFFF%O=M5B4NW5SLL%CC=N%Q=)T1(R=Y%DF=Y%T OS:=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R OS:%O=%RD=0%Q=)T5(R=Y%DF=N%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T= OS:40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=40%W=0%S=Z%A=S%F=AR%O=%RD=0% OS:Q=)U1(R=Y%DF=N%T=40%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUD=G)IE(R=Y OS:%DFI=S%T=40%CD=S) Network Distance: 1 hop Nmap scan report for 192.168.1.74 Host is up (0.00096s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain? 5000/tcp open rtsp AirTunes rtspd 710.79.1 7000/tcp open rtsp AirTunes rtspd 710.79.1 MAC Address: 1C:57:DC:78:7B:81 (Apple) No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=7.94%E=4%D=10/14%OT=53%CT=1%CU=37988%PV=Y%DS=1%DC=D%G=Y%M=1C57DC% OS:TM=652B0EB6%P=aarch64-unknown-linux-gnu)SEQ(SP=100%GCD=1%ISR=10F%TI=Z%CI OS:=RI%II=RI%TS=21)SEQ(SP=101%GCD=1%ISR=10C%TI=Z%CI=RI%II=RI%TS=22)SEQ(SP=1 OS:03%GCD=1%ISR=10B%TI=Z%CI=RI%II=RI%TS=21)SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI OS:=RI%II=RI%TS=21)SEQ(SP=107%GCD=1%ISR=10D%TI=Z%CI=RI%II=RI%TS=22)OPS(O1=M OS:5B4NW6NNT11SLL%O2=M5B4NW6NNT11SLL%O3=M5B4NW6NNT11%O4=M5B4NW6NNT11SLL%O5= OS:M5B4NW6NNT11SLL%O6=M5B4NNT11SLL)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=F OS:FFF%W6=FFFF)ECN(R=Y%DF=N%T=40%W=FFFF%O=M5B4NW6SLL%CC=N%Q=)T1(R=Y%DF=N%T= OS:40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=N%T=40%W=0%S=A%A=Z%F=R% OS:O=%RD=0%Q=)T5(R=Y%DF=N%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=4 OS:0%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=38%UN=0%RIPL=G% OS:RID=G%RIPCK=G%RUCK=0%RUD=G)IE(R=Y%DFI=N%T=40%CD=S) Network Distance: 1 hop Nmap scan report for 192.168.1.254 Host is up (0.0088s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain? 80/tcp open http 443/tcp open ssl/https 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port80-TCP:V=7.94%I=7%D=10/14%Time=652B0E02%P=aarch64-unknown-linux-gnu SF:%r(GetRequest,9A,"HTTP/1\.1\x20302\x20Found\r\nPragma:\x20no-cache\r\nC SF:ache-Control:\x20no-cache\r\nContent-length:\x200\r\nLocation:\x20/logi SF:n\.htm\r\nX-Frame-Options:\x20SAMEORIGIN\r\nConnection:\x20close\r\n\r\ SF:n")%r(HTTPOptions,9A,"HTTP/1\.1\x20302\x20Found\r\nPragma:\x20no-cache\ SF:r\nCache-Control:\x20no-cache\r\nContent-length:\x200\r\nLocation:\x20/ SF:login\.htm\r\nX-Frame-Options:\x20SAMEORIGIN\r\nConnection:\x20close\r\ SF:n\r\n")%r(FourOhFourRequest,9A,"HTTP/1\.1\x20302\x20Found\r\nPragma:\x2 SF:0no-cache\r\nCache-Control:\x20no-cache\r\nContent-length:\x200\r\nLoca SF:tion:\x20/login\.htm\r\nX-Frame-Options:\x20SAMEORIGIN\r\nConnection:\x SF:20close\r\n\r\n"); MAC Address: 60:8D:26:0F:49:48 (Arcadyan) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Nmap scan report for 192.168.1.67 Host is up (0.000092s latency). All 1000 scanned ports on 192.168.1.67 are in ignored states. Not shown: 1000 closed tcp ports (reset) Too many fingerprints match this host to give specific OS details Network Distance: 0 hops OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 7 IP addresses (6 hosts up) scanned in 189.97 seconds ``` Try to detect OS and version, but the result is not really useful. --- ``` nmap -n -sS -p- -T4 192.168.1.66 ``` :clock1: 2023-10-14 16:25 Output: ``` Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-14 16:25 MDT Nmap scan report for 192.168.1.66 Host is up (0.023s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE 49152/tcp open unknown 49158/tcp open unknown 62078/tcp open iphone-sync MAC Address: 3A:78:C2:C6:0A:FE (Unknown) Nmap done: 1 IP address (1 host up) scanned in 7.43 seconds ``` Just found in first scan, 192.168.1.66 wasn't up. --- ``` nmap -n -sU -sV -p U:37,68,1900,9199,17638,19047,19605,20019,20518,47808,49213,61319 192.168.1.41 ``` :clock1: 2023-10-15 11:20 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 11:20 MDT Nmap scan report for 192.168.1.41 Host is up (0.010s latency). PORT STATE SERVICE VERSION 37/udp closed time 68/udp open|filtered dhcpc 1900/udp open upnp? 9199/udp closed unknown 17638/udp closed unknown 19047/udp closed unknown 19605/udp closed unknown 20019/udp closed unknown 20518/udp closed unknown 47808/udp closed bacnet 49213/udp closed unknown 61319/udp closed unknown 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port1900-UDP:V=7.94%I=7%D=10/15%Time=652C1F5B%P=aarch64-unknown-linux-g SF:nu%r(UPNP_MSEARCH,1EC,"HTTP/1\.1\x20200\x20OK\r\nCACHE-CONTROL:\x20max- SF:age\x20=\x201800\r\nEXT:\r\nLOCATION:\x20http://192\.168\.1\.41:45514/a SF:gent\.xml\r\nSERVER:\x20Linux/4\.1\.52\x20UPnP/1\.1\x20Cloudcheck_Agent SF:/3\.2\.17\x20BS22130031694\r\nST:\x20upnp:rootdevice\r\nUSN:\x20uuid:f3 SF:702659-8fb1-4c54-af7a-00bf7d17dcd6::upnp:rootdevice\r\nBOOTID\.UPNP\.OR SF:G:\x201\r\nBSSID_0\.assia-inc\.com:\x20D4:86:60:35:9A:BC\r\nBSSID_32\.a SF:ssia-inc\.com:\x20D4:86:60:35:9A:BD\r\nBSSID_34\.assia-inc\.com:\x2062: SF:86:60:35:9A:BF\r\nBSSID_40\.assia-inc\.com:\x20D4:86:60:35:9A:BE\r\nBSS SF:ID_42\.assia-inc\.com:\x206A:86:60:35:9A:B8\r\n\r\n"); MAC Address: D4:86:60:35:9A:B9 (Arcadyan) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 108.56 seconds ``` --- ``` nmap -n -sUV -p U:68 192.168.1.41 ``` :clock1: 2023-10-15 11:26 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 11:26 MDT Nmap scan report for 192.168.1.41 Host is up (0.0071s latency). PORT STATE SERVICE VERSION 68/udp open|filtered dhcpc MAC Address: D4:86:60:35:9A:B9 (Arcadyan) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 99.20 seconds ``` --- ``` nmap --script broadcast-dhcp-discover ``` :clock1: 2023-10-15 11:34 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 11:34 MDT Pre-scan script results: | broadcast-dhcp-discover: | Response 1 of 2: | Interface: eth1 | IP Offered: 172.21.0.8 | DHCP Message Type: DHCPOFFER | Server Identifier: 172.21.0.5 | IP Address Lease Time: 1d00h00m00s | Subnet Mask: 255.255.0.0 | Domain Name Server: 8.8.8.8 | Response 2 of 2: | Interface: eth0 | IP Offered: 192.168.1.68 | DHCP Message Type: DHCPOFFER | Server Identifier: 192.168.1.254 | IP Address Lease Time: 1d00h00m00s | Subnet Mask: 255.255.255.0 | Router: 192.168.1.254 | Domain Name Server: 192.168.1.254 | Vendor Specific Information: \x01\x15https://hdm.telus.com | Renewal Time Value: 12h00m00s | Rebinding Time Value: 21h00m00s |_ Bootfile Name: CVT/2/239.192.10.200:16000+SA=239.192.10.200:16000 WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 10.22 seconds ``` --- ``` nmap -n -sUV -p U:53,67,138 192.168.1.74 ``` :clock1: 2023-10-15 11:39 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 11:39 MDT Nmap scan report for 192.168.1.74 Host is up (0.00026s latency). PORT STATE SERVICE VERSION 53/udp open|filtered domain 67/udp open|filtered dhcps 138/udp open|filtered netbios-dgm MAC Address: 1C:57:DC:78:7B:81 (Apple) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 105.19 seconds ``` --- ``` nmap -n -sUV -p U:137,5353 -T4 192.168.1.74 ``` :clock1: 2023-10-15 11:43 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 11:43 MDT Nmap scan report for 192.168.1.74 Host is up (0.00060s latency). PORT STATE SERVICE VERSION 137/udp open netbios-ns Apple Mac OS X netbios-ns 5353/udp open mdns DNS-based service discovery MAC Address: 1C:57:DC:78:7B:81 (Apple) Service Info: Host: FURNACE; OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds ``` --- ``` nmap -n -sUV -p U:37,53,67,1900,4000,5060,16816,19503,31625,49213 -T4 192.168.1.254 ``` :clock1: 2023-10-15 12:01 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 12:01 MDT Nmap scan report for 192.168.1.254 Host is up (0.012s latency). PORT STATE SERVICE VERSION 37/udp closed time 53/udp open domain ISC BIND 67/udp open|filtered dhcps 1900/udp open upnp? 4000/udp closed icq 5060/udp open|filtered sip 16816/udp closed unknown 19503/udp closed unknown 31625/udp closed unknown 49213/udp closed unknown 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port1900-UDP:V=7.94%I=7%D=10/15%Time=652C291A%P=aarch64-unknown-linux-g SF:nu%r(UPNP_MSEARCH,115,"HTTP/1\.1\x20200\x20OK\r\nCACHE-CONTROL:\x20max- SF:age\x20=\x201800\r\nEXT:\r\nLOCATION:\x20http://192\.168\.1\.254:45514/ SF:agent\.xml\r\nSERVER:\x20Linux/4\.1\.52\x20UPnP/1\.1\x20Cloudcheck_Agen SF:t/3\.1\.0\x20ARCB04502A00\r\nST:\x20upnp:rootdevice\r\nUSN:\x20uuid:f38 SF:921c0-4d18-4e8f-b847-780cf23a919f::upnp:rootdevice\r\nBOOTID\.UPNP\.ORG SF::\x201\r\n\r\n"); MAC Address: 60:8D:26:0F:49:48 (Arcadyan) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 105.21 seconds ``` --- ``` nmap -n -sS -sV -p- -T4 192.168.1.76 ``` :clock1: 2023-10-15 12:49 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 12:49 MDT Nmap scan report for 192.168.1.76 Host is up (0.015s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 5355/tcp open llmnr? 8081/tcp open tcpwrapped 27036/tcp open ssl/steam Valve Steam In-Home Streaming service (TLSv1.2 PSK) MAC Address: 50:5A:65:24:1F:75 (AzureWave Technologies) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 165.65 seconds ``` --- ``` nmap -n -sU -T4 192.168.1.76 ``` :clock1: 2023-10-15 13:00 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 13:00 MDT Warning: 192.168.1.76 giving up on port because retransmission cap hit (6). Nmap scan report for 192.168.1.76 Host is up (0.20s latency). Not shown: 985 closed udp ports (port-unreach) PORT STATE SERVICE 111/udp open|filtered rpcbind 989/udp open|filtered ftps-data 1040/udp open|filtered netarx 1056/udp open|filtered vfo 1090/udp open|filtered ff-fms 5355/udp open|filtered llmnr 19294/udp open|filtered unknown 22996/udp open|filtered unknown 25157/udp open|filtered unknown 36108/udp open|filtered unknown 42508/udp open|filtered candp 47915/udp open|filtered unknown 48189/udp open|filtered unknown 49165/udp open|filtered unknown 51717/udp open|filtered unknown MAC Address: 50:5A:65:24:1F:75 (AzureWave Technologies) Nmap done: 1 IP address (1 host up) scanned in 1072.14 seconds ``` --- ``` nmap -n -sUV -p U:111,989,1040,1056,1090,5355,19294,22996,25157,36108,42508,47915,48189,49165,51717 -T4 192.168.1.76 ``` :clock1: 2023-10-15 13:20 output: ```= Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-15 13:20 MDT Nmap scan report for 192.168.1.76 Host is up (0.14s latency). PORT STATE SERVICE VERSION 111/udp open|filtered rpcbind 989/udp closed ftps-data 1040/udp closed netarx 1056/udp closed vfo 1090/udp closed ff-fms 5355/udp open|filtered llmnr 19294/udp closed unknown 22996/udp closed unknown 25157/udp closed unknown 36108/udp closed unknown 42508/udp open|filtered candp 47915/udp closed unknown 48189/udp closed unknown 49165/udp closed unknown 51717/udp closed unknown MAC Address: 50:5A:65:24:1F:75 (AzureWave Technologies) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 107.18 seconds ```