After learning about nmap and its many uses while taking Computer and Information Security, I decided to put one of its most powerful tools, OS detection, to the test in a real-world scenario.
Using the Dog Pound lab in the UTSA Computer Science Department, I set up a regular cron job that output the results of an OS-detecting scan on all the machines in the lab every 20 minutes. Using this output, I then populated a CSS- and HTML-based framework with the data asynchronously.
Once the initial populating of the graphical map completes, the script regularly checks for updates to the XML document and transparently updates the active OS and OS statistics as needed.
Since each of the machines in the lab is dual-booted with Windows XP and some version of Ubuntu, the active OS of a given machine can change at any time, making the results interesting to watch.
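One way the scan's XML could be reduced to a per-machine active OS and the OS counts, as an added example and not the script used for this project. It assumes the cron job saves nmap's XML output (`-O -oX`); the sample hosts, the function names and the 85% accuracy cutoff are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape of `nmap -O -oX` output; hosts and addresses are made up.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="10.0.0.11" addrtype="ipv4"/>
<os><osmatch name="Microsoft Windows XP SP2" accuracy="96">
<osclass vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="96"/></osmatch>
<osmatch name="Microsoft Windows 2000 SP4" accuracy="90">
<osclass vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="90"/></osmatch></os></host>
<host><status state="up"/><address addr="10.0.0.12" addrtype="ipv4"/>
<os><osmatch name="Linux 2.6.24 (Ubuntu 8.04)" accuracy="100">
<osclass vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/></osmatch></os></host>
<host><status state="up"/><address addr="10.0.0.13" addrtype="ipv4"/><os/></host>
<host><status state="down"/><address addr="10.0.0.14" addrtype="ipv4"/></host>
</nmaprun>"""

def active_os(xml_text, min_accuracy=85):
    """Map each host address to an OS family, 'unknown' or 'down'."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        if host.find("status").get("state") != "up":
            result[addr] = "down"
            continue
        # nmap may list several guesses per host; keep the most accurate one.
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy")), default=None)
        if best is None or int(best.get("accuracy")) < min_accuracy:
            result[addr] = "unknown"  # fingerprint too weak to trust
            continue
        osclass = best.find("osclass")
        result[addr] = osclass.get("osfamily") if osclass is not None else best.get("name")
    return result

def os_statistics(os_by_host):
    """Count machines per detected state, for the OS statistics display."""
    return Counter(os_by_host.values())

if __name__ == "__main__":
    hosts = active_os(SAMPLE_XML)
    for addr, name in sorted(hosts.items()):
        print(addr, name)
    print(dict(os_statistics(hosts)))
```

Hosts that are up but return no usable fingerprint are reported as unknown instead of being counted under a guessed OS, which keeps a machine caught mid-reboot from skewing the counts.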
If I end up with an excessive amount of free time in the future, I have considered extending the functionality to indicate which machine terminals are occupied and which are not. With the machines booted into Linux, this would be trivial since my account has SSH access. Running a who command, tied with some detection of an X server (to avoid false positives when remote accounts are logged in), would probably suffice. With Windows it’s a bit more tricky, but not impossible. Limited research has turned up an option that may allow for querying one of the Samba ports to determine if there is an active user. However, this is very tentative.
At any rate, this project was a fun little exploration into the power of nmap.