Nmap Announce mailing list archives
Nmap and xlogmaster
From: Erik Parker <netmask () 303 org>
Date: Thu, 28 Jan 1999 17:14:28 -0600 (CST)
On a machine of ours, I tested using xlogmaster and nmap.. This could have been done several ways, but since we run xlogmaster, this is how I did it. We run tcplog on the machine, and when a connection attempt occurs it shows: Jan 28 15:39:33 auth4 tcplog[68]: ssh connection attempt from localhost (127.0.0.1):1059 So.. Using xlogmaster, anytime it see's "ssh connection attempt" it executes /root/program /root/program contains: tail /var/log/messages | grep -i "ssh connection attempt from" |awk '{print $10}'|xargs nmap -O >> /root/nmaplog That way it logs all the open ports, and tries to guess their OS. Two things... Is there a way to get it to show the actual fingerprint that it comes back with, in addition to its guess? ANd using the -o option, for output to logfile, is there, or plans for an append option to that. I don't want to lose the logs everytime it tries, so for now I'll use >> Erik Parker netmask () 303 org http://radio.cuervocon.org/ramgen/encoder/live.rm Real Audio G2 - Wednesday Nights 10pm-2am CST. "Signals from Dementia" - By Dj-Netmask Industrial / Hard Rock / Techno / Psycho Stories
Current thread:
- Nmap and xlogmaster Erik Parker (Jan 28)
- Re: Nmap and xlogmaster Max Vision (Jan 28)
- Re: Nmap and xlogmaster Adam Shostack (Jan 28)
- Re: Nmap and xlogmaster Lamont Granquist (Jan 28)
- Re: Nmap and xlogmaster Erik Parker (Jan 28)
- Re: Nmap and xlogmaster HD Moore (Jan 28)
- Re: Nmap and xlogmaster Lamont Granquist (Jan 29)
- Re: Nmap and xlogmaster Steve Palmer (Jan 28)
- Re: Nmap and xlogmaster Lamont Granquist (Jan 29)
- Re: Nmap and xlogmaster Dave Dittrich (Jan 29)
- Re: Nmap and xlogmaster Max Vision (Jan 28)