I think an NMAP scan show if a nic is a vmware nic. I seam to remember either
Nessus or NMAP showing it the last time I ran a scan on a subnet that had
VMWare running.
Take Care --John
-------------- Original message ----------------------
From: Tobias Glemser <tglemser@tele-consulting.com>
> Nitin,
>
> > While scanning networks how good is nessus in identifying VMWare
> > running machines?
> There seems to be no plugin doing that (altough it seems to be a good
> idea to me). But as long as the MAC Adresses within the VMware are not
> changed, you can identify those systems by having a look at the vendor
> part of the MAC. I would just do a quick nmap scan to resolve that.
>
> [root@26 ~]# nmap -sS -O mysystem.mynetwork.local
> Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-21 12:06 CET
> Interesting ports on mysystem.mynetwork.local:
> Not shown: 1696 filtered ports
> PORT STATE SERVICE
> 22/tcp open ssh
> MAC Address: 00:0C:29:74:34:44 (VMware)
>
>
> > Does nesssus scan and report OS and Applications on VMWare
> > successfully?
> Mandriva Linux 10.2 on VMware-Server
>
> Security Note found (general/tcp)
> Plugin-ID 11936
> Description Nessus was not able to reliably identify the remote
> operating system. It might be:
> IBM OS/400
> Linux Kernel 2.4
> SCO UnixWare 8.0
>
> Mandriva Linux 10.2 on "real" device (same patchlevel as vmware
> installation)
>
> Security Note found (general/tcp)
> Plugin-ID 11936
> Description The remote host is running Linux Kernel
> 2.6.12-27mdk-i686-up-4GB (i386)
>
> It seems like the beaviour for fingerpriting the OS changes (Layer 2(?),
> 3 and 4) when using VMware. This does not affect any application, for
> the fingerprinting mechanisms can only base on the beaviour of the
> applications themselves (Layer 5-7).
> This makes it a princible driven problem, so every OS detection I know
> will fail. E.g. nmap
>
> Mandriva Linux 10.2 on VMware-Server
> Device type: general purpose|printer|WAP|specialized|storage-misc
> Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%), Xerox embedded
> (88%), etc etc etc
>
> Mandriva Linux 10.2 on "real" device (same patchlevel as vmware
> installation)
> Device type: general purpose
> Running: Linux 2.6.X
> OS details: Linux 2.6.9 - 2.6.12 (x86)
>
> Cheers,
>
> Toby
>
> Shingari, Nitin V. schrieb:
> > Hi folks,
> >
> >
> >
> > While scanning networks how good is nessus in identifying VMWare running
> > machines?
> >
> > Does nesssus scan and report OS and Applications on VMWare successfully?
> >
> >
> >
> > Warm Regards
> >
> > Nitin Shingari
> >
> > nvshingari@ipolicynetworks.com
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Nessus mailing list
> > Nessus@list.nessus.org
> > http://mail.nessus.org/mailman/listinfo/nessus
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
|