August 05, 2019

What kind of Machine is it?

Gregory Morawietz

You scan your network, but now what? You have a long list of IP addresses and no idea what the devices behind them are. You need to figure out what they are.

Your monitoring system or scanner can often tell you what a device is, or at least what it thinks it might be. If it doesn't, here is what you can do. For the Windows commands, make sure you run them as a domain admin.

systeminfo /s IP ADDRESS

Another Windows tool:

WMIC /NODE:hostname OS

This will tell you what the machine is, which OS it runs, etc.

Then, if you have a Linux system, nmap can attempt OS detection:

nmap -O -v IP ADDRESS

Then you can do several other things.  

  1.  Go to the device's IP address with a browser. If it is a printer or firewall, it will bring up a login screen. Remember to try HTTPS:// if HTTP:// doesn't work.
  2.  SSH into the box.
  3.  Telnet into the box. That is old school, but it can be helpful on old printers.
  4.  Drastic measures: if you have a smart switch, go to the switch port the machine is plugged into and look at its MAC address. Manufacturers are assigned their own MAC prefixes, so you might be able to tell the manufacturer from the prefix. This might not tell you the OS, but it can reveal what the device is.
  5.  Try to RDP into it, or remote control it with a remote control app.
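
An added example (not from the original post) for the MAC prefix check in step 4: it normalizes the MAC formats that switches and operating systems print, looks the prefix up in an IEEE oui.txt style listing, and flags locally administered addresses, which carry no manufacturer prefix. The function names and the four-line sample listing are constructed for illustration; a real run would load the full registry file.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt registry file.
# A real run would load the full file instead of these four sample lines.
SAMPLE_OUI_TXT = """\
00-00-0C   (hex)\t\tCisco Systems, Inc
00-50-56   (hex)\t\tVMware, Inc.
08-00-27   (hex)\t\tPCS Systemtechnik GmbH
B8-27-EB   (hex)\t\tRaspberry Pi Foundation
"""

OUI_LINE = re.compile(r"^([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){2})\s+\(hex\)\s+(.+)$")

def load_oui(text):
    """Map 6-hex-digit prefix -> vendor name from oui.txt-style '(hex)' lines."""
    table = {}
    for line in text.splitlines():
        m = OUI_LINE.match(line)
        if m:
            table[m.group(1).replace("-", "").upper()] = m.group(2).strip()
    return table

def normalize_mac(mac):
    """Accept 00:00:0c:.., 00-00-0C-.., 0000.0c12.3456 (switch style) or bare hex."""
    digits = re.sub(r"[:\-.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def identify(mac, table):
    """Return a vendor name, or the reason no vendor can be inferred."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    if first_octet & 0x01:
        # Group bit set: this is a multicast/broadcast destination, not a NIC.
        return "multicast/broadcast address, not a device"
    if first_octet & 0x02:
        # Locally administered bit set: randomized or manually assigned MAC.
        return "locally administered (randomized or virtual), no vendor prefix"
    return table.get(digits[:6], "unknown vendor prefix")

if __name__ == "__main__":
    oui = load_oui(SAMPLE_OUI_TXT)
    for mac in ["0000.0c12.3456", "b8:27:eb:aa:bb:cc", "00-50-56-01-02-03",
                "da:a1:19:00:11:22", "3c:52:82:00:00:01"]:
        print(f"{mac:20} {identify(mac, oui)}")
```

A hit on a hypervisor prefix such as the VMware one tells you the machine is a virtual guest, so the next stop is the virtualization console rather than the switch closet.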

If you are on a completely Windows network, you can also use ping -a IP ADDRESS. Once you have the machine name, you can look it up in Active Directory, which should tell you what it is.

Use these techniques to figure out what machines are using the IP addresses on the network.

