How to check where the port is blocked? - security

is there any way to check on which point (on which router) port (e.g. 22 - ssh) is blocked. In other words I'm looking for something like ping / traceroute to specified port.

See NMAP:
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
http://nmap.org/

Related

bypass nmap and change OS CPE in ubuntu

how can i change OS CPE in ubuntu.
this is my CPE: OS CPE: cpe:/o:linux:linux_kernel:3
when scanning with nmap leakage all my OS properties . but I need to change the original information to fake information.
My main goal is that the nmap scanner can not identify the type of operating system
This question should be more for Security StackExchange. Anyway...
There are ways to "trick" nmap fingerprinting but is not an easy task.
Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP options support and ordering, IP ID sampling, and the initial window size check, Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match.
You can mock some tools detection spoofing the banner or signature. But if you want to mock the OS fingerprinting is not an easy task. You must have a pretty comprehensive set of TCP frame sizes, keepalive functionality, packet number sequences, service banners, etc. Is a though task.
Methods to defeat Nmap OS Fingerprinting in Linux are written as kernel modules, or at least, as patches to the Linux kernel.
Look at the nmap documentation about this topic.

Get bandwidth statistics of network by ip from a linux terminal

I am connected to a local network through a linux system (Ubuntu 14.04).
Is it possible to get the bandwidth usage of other systems connected to the same network? All other systems are also using Ubuntu, however the version are different on some.
Thanks
this would probably help you:
http://bandwidthd.sourceforge.net/
BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization.
What you can see on the network without having access to the machines depends on the network structure and where the monitoring system is placed.

Identify Remote OS based on Port

I need to find the type of OS installed in a Remote Machine.
I know that, I can use OS Finger Printing Tools like NMap to detect the OS specific details of the Remote Machine.
But I can't use such tool, since there are some licensing issues.
I need to implement my own logic to detect OS.
On my search I have found a link that we can find the OS type based on TTL.
But using TTL is not always accurate. It is based on hop calculation.
There will be some open ports in a machine. By scanning that we can somehow manage to find the OS.
Is there any such Port which might give some idea about OS type?
I need to implement a logic to run a Script based on OS. If there are some conditions which is useful to detect the OS type then It might save some time.
if(IsOpen(Some_Port_Number))
{
//This machine might be a windows based one so
if(Run_WindowsBasedScript()==False)
{
Run_LinuxBasedScript();
}
}
else
{
if(Run_LinuxBasedScript()==False)
{
Run_WindowsBasedScript();
}
}
So I need to reduce the run time by identifying the OS type.I thought based on open ports we can find OS. Any Help would be appreciated.
There is not "just one port" you can scan to determine the OS. If you can't use NMAP you'll need to emulate it's mechanism to detect the OS.
Of course you could get lucky with a telnet command (on port 23) giving you the operating system back or a curl -I microsoft.com giving you the web-server Microsoft-IIS/7.5 (classical techniques) but don't count on it.
You'll need to use complicated techniques. You can read in this old article about some of the techniques. There are also some mention of others who use different techniques.
First you need to find out which family the machine belongs to. (You already mentioned the TTL-method) After that you can read in the article above what steps you can take to determine versions.
Another fact is that NMAP uses not just one port, but is best effective if there is at least one open and one closed TCP port found. (It says so when it doesn't find them) So it also determines the OS by combinations of ports found open and closed.
For some further reading:
Chapter 8. Remote OS Detection
OS Detection on Wikipedia
From the other side :) Intrusion Detection Level Analysis of Nmap and Queso

Hostname discovery for all machines on a network

Problem: I am developing a graphical front end for a distributed CPU/GPU simulator. As this simulator utilizes MPI, it requires a hostfile detailing the hostnames for all computers being used on the network so that it knows what machines to distribute across. As the end users for my application are not computer scientists (and may not even be very computer literate), I can't expect them to know/find the hostnames of every computer on their network/cluster. I would like to programmatically perform this hostname discovery so that, upon application start-up, the user can see the available machines, and from those, pick the hosts they want to run on. If possible, I would like this solution to be cross platform but as the simulator currently contains some linux dependencies I can deal with a Linux only solution.
What I have tried so far: I tried utilizing the nmap package to discover hosts on a network with commands like nmap -sP <ip address range> using the ip address range for that local network. However, it only dumps the IP addresses for the hosts (not the host names) and I'm not sure how to translate these IP addresses into ssh hostnames (as MPI uses ssh for host discovery). Additionally, I used a similar approach with ping supplying the broadcast address and it returned nearly identical results.
I apologize for the broad nature of this question and the lack of code shown but I am not very experienced with network probing / programming and I am really not even sure where to start. I tried googling this but I was unable to find a suitable option (possibly because my lack of experience caused me to use improper terminology triggering improper results) My background is primarily in graphics and user interface programming, so this is a little beyond my comfort zone.
SSH doesn't care if it is given hostnames or IP addresses to connect to (not sure if this applies when there are host-specific configurations). Most MPI implementations don't care too, e.g. in Open MPI connection URIs addresses are all numeric, so a hostfile with IPs would be fine. HTTP servers on the other hand care because of the virtual hosting thing where many different sites resolve to the same IP address but the server is supplied the actual hostname via the Host HTTP header.
Unsolicited advice: finding hosts by ping is fine, but it doesn't guarantee that you have found machines, where SSH is running. You would better scan for systems with port 22 open that accept TCP connections:
$ nmap -oX -sT -p22 <ip range>
-oX produces XML output that can be easily parsed. -oG is also a nice format for automated parsing of the scan results. Also having SSH running doesn't necessarily mean that the user would be able to log into the system - for example it could be a network router or another remotely manageable device. One also has to take care of only showing machines where the user can log on without having to supply a password, e.g. with RSA/DSA public keys, otherwise starting an MPI job would be a really tedious task. You can test each host found with something like:
$ ssh -2 -o "PreferredAuthentications=gssapi-with-mic,hostbased,publickey" \
<host> hostname
This command basically excludes all interactive authentication methods. If connection succeeds, it will output the hostname of the remote machine. Otherwise you'd get a permission denied error and a non-zero exit code from the SSH client.

Doing ARP and Inverse ARP on Linux 2.6.21 (glibc 2.3.5)

I need to store persistent reference to third party device on an arbitrary IP network where the IP address of the devices may be static or randomly assigned by DHCP. I don't control the devices on the network and I can't rely on DNS and other ad-hoc networking protocols existing or working with the devices.
So I have been instructed to investigate using hardware addresses and ARP. This will work but I don't want to duplicate code. The kernel must manage an ARP table. On Windows you can access it using GetIpNetTable etc.
I am hoping there is an API to answer these two questions:
How do I translate from IP to MAC address? (ARP)
How do I translate from MAC to IP address? (InARP)
If not then I may have to do it more manually:
How do I read the kernel's ARP table?
How do I add an entry if I have the determined a mapping myself?
/proc/net/arp
K
ARP tables tend to be fairly local and short-lived. If you examine the protocol, the real MAC addresses are generally only provided when the given IP address is in the local subnet.
Otherwise, the packet is forwarded to the local router, which is then responsible for forwarding it.
If you do "arp -g" on Windows or "arp -a" on UNIX, you'll see the table, but I don't think it will do you any good, due to the reasons mentioned above. That command and
That's really what DNS is for but, as you say, it may not be an option for you.
You may well have to write your own 'ARP' database at your application level.
As for ARP:
You could use system("/usr/bin/arp -option_of_choice"); and parse the output, but that's an ugly hack. -- Not my recommendation.
Take a look at /usr/include/linux/sockios.h -- At the SIOCGARP, SIOCDARP, and SIOCSARP details. Those are ioctls that you can perform to manage the ARP table on linux. Of course, you'll have to perform these ioctls on a socket fd.
Here's some examples: SIOCGARP examples
I'm sure you can find many other examples in several other languages as well. As I'm assuming that you're using C.
As for RARP:
A quote from the linux rarp manpage:
" This program is obsolete. From version 2.3, the Linux kernel no longer
contains RARP support. For a replacement RARP daemon, see ftp://ftp.demen-
tia.org/pub/net-tools"
So you'll have to install rarpd on the target system.

Resources