Screech Posted August 17, 2006 Report Posted August 17, 2006 What can you find out from an IP?Here I will outline some use full Unix and NT commands for finding out more information about a given COLOR=purpleIP. Some of these techniques will fail depending on firewall rule sets.Items to be covered:How do I find my own IP?How do I find out if an IP is contactable?How do I find out what organization owns an IP?How do I find out what OS a box is running?How do I find out what ports are open/services are running?How do I tell who is logged in to that box?Any good all in one tools?How Do I find the NetBIOS name from the IP?How Do I find the IP from the NetBIOS name?How can I see the traffic going between two IPs on a switched network?How do I find my own IP?Because the IP your ISP's DHCP server hands you may not always be the same it is handy to be able to quickly find out what your IP is. Most of the time on a LAN the DHCP server will try to hand a machine the same IP it's MAC address received the last time it requested an address, but not always. To find out your host IP and other useful information use these commands.Windows 9X/Me:Use the "winipcfg" command, this will bring up a GUI dialog with all the info you will need.Windows NT/2000/XP/etc:Use the "ipconfig command.C:>ipconfig /allWindows 2000 IP ConfigurationHost Name . . . . . . . . . . . . : se-libg-adrian1Primary DNS Suffix . . . . . . . : ads.mydomain.eduNode Type . . . . . . . . . . . . : HybridIP Routing Enabled. . . . . . . . : NoWINS Proxy Enabled. . . . . . . . : NoDNS Suffix Search List. . . . . . : ads.mydomain.edumydomains.edumydomain.eduEthernet adapter Local Area Connection:Connection-specific DNS Suffix . : mydomains.eduDescription . . . . . . . . . . . : 3Com 3C920 Integrated Fast EthernetController (3C905C-TX Compatible)Physical Address. . . . . . . . . : 00-B0-D0-74-A8-A4DHCP Enabled. . . . . . . . . . . : YesAutoconfiguration Enabled . . . . : YesIP Address. . . . . . . . . . . . : 192.168.26.29Subnet Mask . . . . . . . . . . . : 255.255.240.0Default Gateway . . . . . . . . . : 192.168.16.100DHCP Server . . . . . . . . . . . : 192.168.30.254DNS Servers . . . . . . . . . . . : 192.168.20.1192.168.25.1192.168.30.1129.79.1.1129.79.5.100Primary WINS Server . . . . . . . : 192.168.30.254Secondary WINS Server . . . . . . : 192.168.30.253Lease Obtained. . . . . . . . . . : Saturday, February 02, 2002 12:03:14PMLease Expires . . . . . . . . . . : Sunday, February 03, 2002 12:03:14 PMC:> Notice that this gives you allsorts of networking information, including your IP, Gateway, MAC Address, DNS server and Host Name.Linux/Unix:Use the "ifconfig" command to find the IP of the box.bash-2.04$ /sbin/ifconfigeth0 Link encap:Ethernet HWaddr 00:C0:F0:31:9F:10inet addr:192.168.30.130 Bcast:192.168.31.255 Mask:255.255.240.0UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1RX packets:21353979 errors:2 dropped:0 overruns:0 frame:2TX packets:20342701 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:100Interrupt:11 Base address:0xde00lo Link encap:Local Loopbackinet addr:127.0.0.1 Mask:255.0.0.0UP LOOPBACK RUNNING MTU:16436 Metric:1RX packets:2234607 errors:0 dropped:0 overruns:0 frame:0TX packets:2234607 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0bash-2.04$ If you are SSH/telneting to the box and you want to find the IP you are attaching from use the "finger" command with no parameters. bash-2.04$ fingerLogin Name Tty Idle Login Time Office Office Phoneadrian Adrian Crenshaw pts/3 Feb 2 14:57 (192.168.26.29)root root pts/0 1:53 Jan 28 17:25 (tux:2)root root pts/1 4d Jan 25 14:57root root pts/2 8d Jan 25 14:57 (tux:2)bash-2.04$All OSes:The IP found using the instructions above is the IP your computers NIC (Network Interface Card) or modem has, if you are hooked to a home router or some other kind of NAT box the IP the world sees as you when you connect to other hosts will be different. To find you WAN IP (the IP the world sees when you are behind a NAT box or a Proxy) go to one of the following sites:http://www.rootsecure.net/?p=your_iphttp://www.ipchicken.com/http://www.whatismyip.com/http://checkip.dyndns.org/How do I find out if an IP is contactable?If the host is not blocking ICMP echo requests (type 8, code 0) try using the "ping" command, it should work from any Unix like OS and from Windows.UP: C:>ping 192.168.30.130Pinging 192.168.30.130 with 32 bytes of data:Reply from 192.168.30.130: bytes=32 time<10ms TTL=255Reply from 192.168.30.130: bytes=32 time<10ms TTL=255Reply from 192.168.30.130: bytes=32 time<10ms TTL=255Reply from 192.168.30.130: bytes=32 time<10ms TTL=255Ping statistics for 192.168.30.130:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 0msC:> Not UpC:>ping 192.168.30.133Pinging 192.168.30.133 with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for 192.168.30.133:Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 0msC:>If the host is behind a firewall blocking ICMP echo requests then you will have to look into other ways of enumerating the network, like Hping ( http://www.hping.org/ )How do I find out what organization owns an IP?Easiest way is to use the online tools from http://samspade.org/t/ (use IP Whois) or download their Windows tools and use them on your box. Arwin offers a similar CGI at http://ws.arin.net/cgi-bin/whois.pl if Sam Spade does not work for you. There is also a host of tools built into the SamSpade utility for Windows, which you can download from http://www.samspade.org/ssw/ .How do I find out what OS a box is running?You can tell what OS a box is running in a few ways. Knowing what ports are open on the box will give you some good guesses (for instance port 6000 is used for X-windows, it being open probably means the box is running some kind of Unix). The easiest way to find this info is to use the "nmap" utility from http://www.insecure.org/nmap/ ( also available on the Knoppix Linux Boot CD ( http://www.knoppix.org/ ) or Trinux boot disk ( http://sourceforge.net/projects/trinux/ ) ) and do an OS fingerprint like so:[root@tux adrian]# nmap -O tux.mydomains.eduStarting nmap V. 2.54BETA26 ( [url]www.insecure.org/nmap/[/url] )Adding open port 22/tcpAdding open port 1024/tcpAdding open port 25/tcpAdding open port 80/tcpAdding open port 110/tcpAdding open port 993/tcpAdding open port 6002/tcpAdding open port 5902/tcpAdding open port 111/tcpAdding open port 443/tcpAdding open port 21/tcpAdding open port 995/tcpAdding open port 23/tcpAdding open port 143/tcpAdding open port 139/tcpAdding open port 515/tcpInteresting ports on tux.mydomains.edu (192.168.30.130):(The 1532 ports scanned but not shown below are in state: closed)Port State Service21/tcp open ftp22/tcp open ssh23/tcp open telnet25/tcp open smtp80/tcp open http110/tcp open pop-3111/tcp open sunrpc139/tcp open netbios-ssn143/tcp open imap2443/tcp open https515/tcp open printer993/tcp open imaps995/tcp open pop3s1024/tcp open kdm5902/tcp open vnc-26002/tcp open X11:2Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)Uptime 9.033 days (since Fri Jan 25 14:55:20 2002)Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds[root@tux adrian]#Notice the part in red indicate the likely OS. Be careful about using tools like "nmap", the site you are targeting may give your local admin a call asking why you are scanning their site. Also make sure your copy of Nmap is up to date so it has the newest OS fingerprints, the version I used in the above example is kind of old.You can also find out sometimes by using the "What's that site running" cgi at Netcraft, which does a banner grab for you.Tutorialul continua, il voi completa imediat ce pot.! Quote
