119
You will probably want to do this if you are scanning a range of machines to save time. However, if you dont restrict nmap to a single port, you are more likely to get a useful answer.
Results can be vague at times. This is what nmap returned on one device:
... Remote OS guesses: Cisco Catalyst 1900 switch or Netopia 655-UPOTS ISDN Router,
Datavoice TxPORT PRISM 3000 T1 CSUDSU 6.222.06, MultiTech CommPlete Controlle
r, IBM MVS TCPIP stack V. 3.2, APC MasterSwitch Network Power Controller, AXIS or Meridian Data Network CD-ROM server, Meridian Data Network CD-ROM Server V4.
20 Nov 26 1997, WorldGroup BBS MajorBBS wTCPIP
The correct answer is none of the above. A system that may not be recognized by nmap may be recognized by queso or vice versa.
6.4 Scripts
Since most networks have evolved over time, they are frequently odd collections of equipment for which no single tool may be ideal. And even when the same tool can be used, differences in
equipment may necessitate minor differences in how the tool is used. Since many of the tasks may need to be done on a regular basis, it should come as no surprise that scripting languages are a popular
way to automate these tasks. Getting started can be labor intensive, but if your current approach is already labor intensive, it can be justified.
You will want to use a scripting language with extensions that support the collection of network data. To give an idea of this approach, Tcl and its extensions are briefly described here. Even if you dont
really want to write your own tools, you may want to consider one of the tools based on Tcl that are freely available, most notably tkined.
Tcl was selected because it is provides a natural introduction to tkined. Of course, there are other scripting languages that you may want to consider. Perl is an obvious choice. Several packages and
extensions are available for system and network administration. For example, you may want to look at spidermap. This is a set of Perl scripts that do network scans. For SNMP-based management, youll
probably want to get Simon Leinens SNMP extensions SNMP_Session.pm and BER.pm. Other tools you might also look at include mon and nocol.
6.4.1 TclTk and scotty
Tool Command Language, or Tcl pronounced tickle, is a scripting language that is well suited for network administration. Tcl was developed in the late 1980s by John Ousterhout, then a faculty
member at UC Berkeley. Tcl was designed to be a generic, embeddable, and extensible interpreted language. Users frequently cite studies showing Tcl requires one-tenth the development time required
by CC++. Its major weakness is that it is not well suited for computationally intensive tasks, but that shouldnt pose much of a problem for network management. You can also write applets or tclets
pronounced tik-lets in Tcl.
Tcl can be invoked interactively using the shell tclsh pronounced ticklish or with scripts. You may need to include a version number as part of the name. Here is an example:
120
bsd2 tclsh8.2
This really is a shell. You can change directories, print the working directory, copy files, remove files, and so forth, using the usual Unix commands. You can use the exit command to leave the program.
One thing that makes Tcl interesting is the number and variety of extensions that are available. Tk is a set of extensions that provides the ability to create GUIs in an X Window environment. These
extensions make it easy to develop graphical interfaces for tools. Tk can be invoked interactively using the windowing shell wish. Both Tcl and Tk are implemented as C library packages that can be
included in programs if you prefer.
scotty, primarily the work of Jürgen Schönwälder, adds network management extensions to TclTk. The tnm portion of scotty adds network administration support. The tkined portion of scotty, described
in the next section, is a graphical network administration program. What tnm adds is a number of network management commands. These include support for a number of protocols including ICMP,
UDP, DNS, HTTP, Suns RPC, NTP, and, most significantly, SNMP. In addition, there are several sets of commands that simplify writing network applications. The netdb command gives access to
local network databases such as etchosts, the syslog command supports sending messages to the system logging facilities, and the job command simplifies scheduling tasks. A few examples should
give an idea of how these commands could be used.
You can invoke the scotty interpreter directly as shown here. In this example, the netdb command is used to list the etchost table on a computer:
bsd4 scotty netdb hosts
{localhost.lander.edu 1.0.0.127} {bsd4.lander.edu 239.63.153.205} {bsd4.lander.e
du. 239.63.153.205} {bsd1.lander.edu 231.60.153.205} {sol1.lander.edu 233.60.153
.205} {lnx1.lander.edu 234.60.153.205} exit
The results are returned with each entry reduced to the canonical name and IP address in brackets. Here is the host table for the same system:
bsd4 cat etchosts 127.0.0.1 localhost.lander.edu localhost
205.153.63.239 bsd4.lander.edu bsd4 205.153.63.239 bsd4.lander.edu.
205.153.60.231 bsd1.lander.edu bsd1 205.153.60.233 sol1.lander.edu sol1
205.153.60.234 lnx1.lander.edu lnx1
Note that there is not a separate entry for the alias bsd4. Here are a few examples of other commands. In the first example, the name of the protocol with a
value of 1 is looked up in etcprotocols using the netdb command:
netdb protocols name 1 icmp
In the second example, a reverse DNS lookup is done for the host at 205.153.63.30:
121
dns name 205.153.63.30 sloan.lander.edu
Finally, an ICMP ECHO_REQUEST is sent to www.cisco.com:
icmp echo www.cisco.com {www.cisco.com 321}
The response took 321 ms. Other commands, such as snmp, require multiple steps to first establish a session and then access information. Examples are given in
Chapter 7 . If you are interested in using
these tools in this manner, you will first want to learn Tcl. You can then consult the manpages for these extensions. A number of books and articles describe Tcl, some of them listed in
Appendix B .
The source is freely available for all these tools.
6.5 Mapping or Diagramming
