RE: Nmap for Cisco Routers

["Alex R" <alex () deviousmeans net>]

On the other hand SNMP is not enabled by default on most (I think all) Cisco
routers. So if someone has enabled SNMP there is a good chance they know
what they are doing and have secured it. It is possible to grab the config
off the router if you have the proper read permissions though.

-----Original Message-----
From: MadHat [mailto:madhat () unspecific com] 
Sent: Friday, December 03, 2004 4:32 PM
To: Ankam, Pankaj; NMAP-DEV
Subject: Re: Nmap for Cisco Routers

On Dec 2, 2004, at 10:10 PM, Ankam, Pankaj wrote:
> Hi All,
> I am using NMap for finding network devices such as routers, switches,
> etc. Is there anyway, by which I can get information from the routers
> such as access control list on an interface, currently running 
> services,
> etc.
> If yes, then can some one point me in the right direction? Web site?
> News groups? etc...

Not using nmap by itself.

you can get the info with snmp, sort of.  You can get some cisco 
devices to do a tftp copy of the configs with snmp if you have write 
permissions.  It does depend on the device, but I think most routers 
and switches support it, while the PIX does not (last I checked).  
Other than that, you can script out using expect or perl (or others) to 
log in via ssh or telnet to get the configs.


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org





---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org