Identifying non-computer network devices?

Posted on 2024-11-16 20:36:07

I'm currently working on a program that scans my network and discovers computers and devices on the network. I use various operations to find data on the devices I discover, but want to distinguish the network devices from computers. And I'm wondering if anyone knows how I could do this?

I looked a bit at SNMP, and tried connecting to my network printer, router and modem. But I seem to only be able to connect to the printer; neither the router nor the modem responds.

Is there another way to identify what kind of a device an IP address belongs to?

Comments (4)

触ぅ动初心 2024-11-23 20:36:07

Using a command line tool such as nmap you can fingerprint the device, which can give you all sorts of information.

Perhaps you can call nmap via C# and read back the response.

Another alternative is to look up the network chip vendor of a given MAC address. But I'm not sure how much detail that will give you.

Here is the example from the nmap site:

# nmap -O -v scanme.nmap.org

Starting Nmap ( http://nmap.org )
Nmap scan report for scanme.nmap.org (64.13.134.52)
Not shown: 994 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  open   domain
70/tcp  closed gopher
80/tcp  open   http
113/tcp closed auth
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.20-1 (Fedora Core 5)
Uptime guess: 11.433 days (since Thu Sep 18 13:13:01 2008)
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros

Nmap done: 1 IP address (1 host up) scanned in 6.21 seconds
           Raw packets sent: 2021 (90.526KB) | Rcvd: 23 (1326B)

爱给你人给你 2024-11-23 20:36:07

First, this answer is biased toward Ethernet networks.
The ideas can also be tips for other scenarios.

There are many ways to accomplish this, for example:

  • scanning
  • targeted discovery
  • passive traffic monitoring

scanning

Possible, for example, with nmap.

Pro:

  1. Can discover unknown devices and services, forgotten by lazy sysadmins or installed by untrusted users.
  2. Can be a useful tool for discovering services and for security audits.
  3. For newbies, it sounds like the best way: start from scratch, find them all. Bad news: read the cons.

Cons:

  1. It is very inefficient. If you start from scratch (you know nothing about the LAN) and you want to find every possible service, you have to scan almost all the TCP and UDP ports for every possible host.
  2. The results aren't 100% reliable: hw or sw firewalls, etc. The next run can lead to quite a different result.
  3. The results aren't a simple i_got_it / null, but fuzzy: you need an expert to evaluate the results.
  4. Sometimes you must have an admin account on your PC to run this scan.
  5. Some IDS can log this activity as a bad one.

targeted discovery

If your goal is to map your network, the official services, you can think about their official discovery capabilities. For example CDP, SSDP, srvloc, snmp get broadcast, etc.
You have to know what services you are probing.

Pro:

  1. This is the most efficient way, both max speed and min network bandwidth.
  2. The result is reliable: the next run must return the same result (obviously, if the services and network stay alive).
  3. This is the way to check service availability and account for SLAs.
  4. You don't need an expert: e.g. if a device answers an snmp get SysDescr, you know your data. You get the exact answer or you miss it.

Cons:

  1. You have to know what services you are probing.
  2. You cannot use this to be sure to find devices / services. This is neither a security audit nor a discovery tool. For example: I change my http server listen port to 81, how do you find me?

passive traffic monitoring

Once upon a time, you found Ethernet hosts linked with copper cables (CAT3 / CAT5) to hubs.
You could run on any of these hosts a program to capture all the traffic, putting the Ethernet card in promiscuous mode, so the NIC passes to the operating system all the packets, including the packets with a destination MAC different from the MAC address of the NIC.

Your program can analyze this raw data, and parse the protocols and packets inside.

Nowadays you use Ethernet switches, not hubs. Your PC's NIC in promiscuous mode doesn't receive all the traffic on the network, because the switch forwards to you only the packets for your host or for all (broadcast and, if registered, multicast).

You have to use managed switches, and configure one port to be a repeater or monitor port, to link the monitoring host.

Pro:

  1. This is passive monitoring, if done right. This can be useful for specific assessments, where you cannot send any packet on the network under test, and you respect a strong SLA.
  2. To collect the network traffic, you don't have to know the protocols and services configuration. For example, you can remove the tcp/ip stack from your host, leave the driver of your Ethernet card, and collect the traffic.
  3. Using a managed switch with a monitor port, you don't have to put the NIC in promiscuous mode / tweak your tcp/ip stack.
  4. libpcap / winpcap is the de facto standard to capture packets, and it works. You can play with some GUI frontend, like Analyzer or Wireshark, before developing your own application.
  5. It can be a useful tool for discovering services and for security audits, too.

Cons:

  1. Do you have to be sure not to send packets on the network under test? Use a managed switch with a repeater port, even if you have hubs. The repeater port can only receive network traffic.
  2. To capture a high throughput of data, like on 1 Gbit, you have to tweak your operating system configuration, otherwise CPUs rise to full load and you still lose packets. Forget MS Windows for this stuff.
  3. Obviously, you see only the live traffic, nothing about services not transmitting.
  4. See Cons 3 and 4 of scanning. This is close to watching the bits on the wires; it is like the oscilloscope for electronic engineers. You capture all the data, and later you need an expert^2 to evaluate it. Yes, later, because analyzing the errors and glitches in detail is very time consuming.

This is a simple "discovery for dummies" intro. Discovery tools can mix both ways to look for devices and services on the network.

For example, HP JetAdmin discovery uses different methods only to look for HP network printers and scanners, not for all the devices on your LAN.
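
Targeted discovery with SSDP, one of the protocols this answer lists, as an added Python example that is not part of the original answer: it multicasts one M-SEARCH and labels each replying IP by the UPnP device type in its ST/USN header. The `KINDS` label map and the function names are assumptions made for illustration.

```python
import socket

M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode()

# Assumption: hand-picked map from standard UPnP device types to coarse labels.
KINDS = {"InternetGatewayDevice": "router", "Printer": "printer",
         "MediaServer": "media server", "MediaRenderer": "media player"}

def parse_reply(datagram):
    """Return the headers of one M-SEARCH reply, or None for anything else."""
    lines = datagram.decode("latin-1").split("\r\n\r\n", 1)[0].split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None                       # NOTIFY or someone else's M-SEARCH
    pairs = (line.partition(":") for line in lines[1:])
    return {k.strip().upper(): v.strip() for k, sep, v in pairs if sep}

def device_kind(headers):
    """Map urn:<domain>:device:<Type>:<ver> in ST or USN to a coarse label."""
    for field in (headers.get("ST", ""), headers.get("USN", "")):
        parts = field.split(":")
        if "device" in parts[:-1]:
            return KINDS.get(parts[parts.index("device") + 1], "other UPnP device")
    return "unknown"                      # e.g. upnp:rootdevice or a service URN

def classify_replies(replies):
    """Fold (ip, datagram) pairs into {ip: kind}, keeping the best label per IP."""
    rank = lambda kind: (kind != "unknown") + (kind in KINDS.values())
    found = {}
    for ip, datagram in replies:
        headers = parse_reply(datagram)
        kind = device_kind(headers) if headers else None
        if kind and (ip not in found or rank(kind) > rank(found[ip])):
            found[ip] = kind
    return found

def discover(timeout=3.0):
    """Multicast one M-SEARCH on the local segment and classify the replies."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, ("239.255.255.250", 1900))
        try:
            while True:
                data, (ip, _port) = s.recvfrom(65507)
                replies.append((ip, data))
        except socket.timeout:
            pass                          # quiet for `timeout` seconds: done
    return classify_replies(replies)
```

A device that has UPnP switched off never appears in the result, which is the "you have to know what services you are probing" limitation from the cons list.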

七度光 2024-11-23 20:36:07

My remark may look simple, but most of the devices that implement SNMP implement MIB-II. As you can see here, under 'System' there exists an entry called 'sysDescr' that you can use most of the time to identify the device.
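
The sysDescr lookup described above, as an added Python example that is not part of the original answer: it hand-encodes an SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) and decodes the GetResponse. SNMPv1, the `public` community, the request id 0x1234 and all function names are assumptions chosen for illustration.

```python
import socket
SYS_DESCR = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])   # BER form of OID 1.3.6.1.2.1.1.1.0

def tlv(tag, value):
    if len(value) > 0x7F:                         # short-form length only
        raise ValueError("value too long for a request field")
    return bytes([tag, len(value)]) + value

def build_get(community, request_id):
    """SNMPv1 GetRequest (PDU tag 0xA0) asking for sysDescr.0."""
    rid = request_id.to_bytes((request_id.bit_length() + 8) // 8, "big")
    zero = tlv(0x02, b"\x00")                     # INTEGER 0
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYS_DESCR) + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, rid) + zero + zero + varbinds)
    return tlv(0x30, zero + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); handles long-form lengths in replies."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                  # low 7 bits count length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated SNMP message")
    return tag, buf[pos:pos + n], pos + n

def parse_sys_descr(packet, request_id):
    """sysDescr from a GetResponse (0xA2), or None on error or mismatch."""
    msg = read_tlv(packet)[1]
    p = read_tlv(msg, read_tlv(msg)[2])[2]        # skip version and community
    tag, pdu, _ = read_tlv(msg, p)
    _, rid, p = read_tlv(pdu)
    _, status, p = read_tlv(pdu, p)
    p = read_tlv(pdu, p)[2]                       # skip error-index
    if tag != 0xA2 or int.from_bytes(rid, "big") != request_id or any(status):
        return None
    bind = read_tlv(read_tlv(pdu, p)[1])[1]       # first varbind of the list
    _, oid, p = read_tlv(bind)
    vtag, value, _ = read_tlv(bind, p)
    return value.decode("latin-1") if (oid, vtag) == (SYS_DESCR, 0x04) else None

def query_sys_descr(host, community="public", timeout=2.0):
    """One UDP/161 query; None if the agent is silent or replies with an error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get(community, 0x1234), (host, 161))
        try:
            return parse_sys_descr(s.recv(4096), 0x1234)
        except (OSError, ValueError, IndexError):
            return None
```

A `None` result covers a device with SNMP disabled, a filtered port 161, or a community string other than the one sent, so silence alone does not tell these cases apart.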

暖阳 2024-11-23 20:36:07

In general you cannot find out much about a device from its IP. Using the MAC address of the host, you could determine the manufacturer of the network adapter. The first half of MAC addresses are assigned by manufacturer.

You could try using nmap.

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL.
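
Both this answer and the first one suggest nmap fingerprinting and the MAC vendor prefix. As an added example (not code from either answer), this Python code reads XML in the shape that `nmap -O -oX` writes and splits hosts into computers and devices, keeping the MAC vendor as a hint when the OS fingerprint fails. The sample XML is constructed, and treating "general purpose" as "computer" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -O -oX -` output (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.1" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:01" addrtype="mac" vendor="ExampleNet"/>
  <os><osmatch name="Example router firmware" accuracy="96">
    <osclass type="router" vendor="ExampleNet" accuracy="96"/></osmatch></os></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:14" addrtype="mac" vendor="ExamplePC"/>
  <os><osmatch name="Linux 2.6.X" accuracy="98">
    <osclass type="general purpose" vendor="Linux" accuracy="98"/></osmatch>
    <osmatch name="Example AP firmware" accuracy="90">
    <osclass type="WAP" vendor="ExampleNet" accuracy="90"/></osmatch></os></host>
<host><address addr="192.0.2.30" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:1E" addrtype="mac" vendor="ExamplePrint"/>
  <os/></host>
</nmaprun>"""

# Assumption: nmap's "general purpose" class means a computer; any other
# device type (router, switch, printer, WAP, ...) counts as a device.
COMPUTER_TYPES = {"general purpose"}

def classify_hosts(xml_text):
    """Return {ip: (category, device_type, mac_vendor)} for every <host>."""
    out = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = {a.get("addrtype"): a for a in host.findall("address")}
        if "ipv4" not in addr:
            continue
        # The MAC entry is only present for hosts on the scanner's own segment.
        vendor = addr["mac"].get("vendor") if "mac" in addr else None
        # Keep the OS class nmap is most confident about.
        best = max(host.iter("osclass"),
                   key=lambda c: int(c.get("accuracy", "0")), default=None)
        dev_type = best.get("type") if best is not None else None
        if dev_type is None:
            category = "unknown"          # no fingerprint match: vendor is the only hint
        elif dev_type in COMPUTER_TYPES:
            category = "computer"
        else:
            category = "device"
        out[addr["ipv4"].get("addr")] = (category, dev_type, vendor)
    return out

if __name__ == "__main__":
    for ip, info in classify_hosts(SAMPLE_XML).items():
        print(ip, *info)
```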
