Nmap Announce mailing list archives

Nmap and xlogmaster

From: Erik Parker <netmask () 303 org>
Date: Thu, 28 Jan 1999 17:14:28 -0600 (CST)

On a machine of ours, I tested using xlogmaster and nmap.. This could have
been done several ways, but since we run xlogmaster, this is how I did it.

We run tcplog on the machine, and when a connection attempt occurs it
shows:

Jan 28 15:39:33 auth4 tcplog[68]: ssh connection attempt from localhost
(127.0.0.1):1059

So.. Using xlogmaster, anytime it see's "ssh connection attempt" it
executes /root/program

/root/program contains:

tail /var/log/messages | grep -i "ssh connection attempt from" |awk
'{print $10}'|xargs nmap -O >> /root/nmaplog

That way it logs all the open ports, and tries to guess their OS.

Two things... Is there a way to get it to show the actual fingerprint that
it comes back with, in addition to its guess? ANd using the -o option, for
output to logfile, is there, or plans for an append option to that. I
don't want to lose the logs everytime it tries, so for now I'll use >>




Erik Parker
netmask () 303 org

http://radio.cuervocon.org/ramgen/encoder/live.rm
Real Audio G2 - Wednesday Nights 10pm-2am CST.
"Signals from Dementia" - By Dj-Netmask
Industrial / Hard Rock / Techno / Psycho Stories

Current thread:

Nmap and xlogmaster Erik Parker (Jan 28)
- Re: Nmap and xlogmaster Max Vision (Jan 28)
  - Re: Nmap and xlogmaster Adam Shostack (Jan 28)
  - Re: Nmap and xlogmaster Lamont Granquist (Jan 28)
    - Re: Nmap and xlogmaster Erik Parker (Jan 28)
    - Re: Nmap and xlogmaster HD Moore (Jan 28)
    - Re: Nmap and xlogmaster Lamont Granquist (Jan 29)
    - Re: Nmap and xlogmaster Steve Palmer (Jan 28)
    - Re: Nmap and xlogmaster Lamont Granquist (Jan 29)
    - Re: Nmap and xlogmaster Dave Dittrich (Jan 29)
- Re: Nmap and xlogmaster ajax (Jan 28)