MacOS – a Mac OS X equivalent of McAfee Security network mapping


We have multiple computers running different OSes on a network. Mine is Mac OS X and most others are Windows XP or 7. I will need to help monitor which computers get connected. In the past, I used Windows and had McAfee Security, which produces a real-time map of all connected computers, including each IP and computer name.

Now, using Mac OS X, I find nothing I can use. I tried nmap and Zenmap, but neither provides the computer name, neither is a real-time monitor, and scanning takes forever. There is NetworkView, but it only works on Windows machines.

What can I use?

Best Answer

Zenmap can absolutely provide NetBIOS names (the names you are referring to).

Furthermore, you can tweak the Nmap scan to only scan for up IP addresses and NetBIOS details, which should really significantly reduce the scan duration.

Furthermore, it should, if you are willing to fall back to the terminal, be possible to make it update pretty rapidly, maybe every ~30 seconds.

For example, with the Zenmap command of:

nmap -sU -p 137 --script nbstat.nse 10.1.1.1/24

Note: I use the 10.1.1.1 IP prefix. In your case, this will likely be 192.168.something.something.
The /24 is the netmask. In this case, it causes Nmap to scan everything from 10.1.1.0 - 10.1.1.255. To use it, you just paste the line above into the "Command" entry box in Zenmap.

Here is a scan of my LAN:

Starting Nmap 5.51 ( http://nmap.org ) at 2012-01-27 05:59 Pacific Standard Time
Nmap scan report for 10.1.1.1
Host is up (0.00s latency).
PORT    STATE         SERVICE
137/udp open|filtered netbios-ns
MAC Address: -snip- (Super Micro Computer)

Nmap scan report for 10.1.1.2
Host is up (0.00s latency).
PORT    STATE  SERVICE
137/udp closed netbios-ns
MAC Address: -snip- (Super Micro Computer)

Skipping UDP Scan against 10.1.1.4 because Windows does not support scanning your own machine (localhost) this way.
Nmap scan report for 10.1.1.4
Host is up.
PORT    STATE   SERVICE
137/udp unknown netbios-ns

Nmap scan report for 10.1.1.10
Host is up (0.00s latency).
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: -snip- (Thecus Technology)

Host script results:
| nbstat: 
|   NetBIOS name: IED, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     IED<00>              Flags: <unique><active>
|     IED<03>              Flags: <unique><active>
|     IED<20>              Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     MYGROUP<1d>          Flags: <unique><active>
|     MYGROUP<1e>          Flags: <group><active>
|_    MYGROUP<00>          Flags: <group><active>

Nmap scan report for 10.1.1.15
Host is up (0.00s latency).
PORT    STATE  SERVICE
137/udp closed netbios-ns
MAC Address: -snip- (Pegatron)

Nmap scan report for 10.1.1.18
Host is up (0.00062s latency).
PORT    STATE    SERVICE
137/udp filtered netbios-ns
MAC Address: -snip- (Microsoft)

Nmap scan report for 10.1.1.19
Host is up (0.00s latency).
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: 8C:89:A5:5B:4A:5F (Unknown)

Host script results:
| nbstat: 
|   NetBIOS name: DERPLE, NetBIOS user: <unknown>, NetBIOS MAC: -snip- (unknown)
|   Names
|     DERPLE<00>           Flags: <unique><active>
|     WORKGROUP<00>        Flags: <group><active>
|_    DERPLE<20>           Flags: <unique><active>

Nmap scan report for 10.1.1.31
Host is up (0.00s latency).
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: -snip- (Apple)

Host script results:
| nbstat: 
|   NetBIOS name: ICRAP, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     ICRAP<03>            Flags: <unique><active>
|     ICRAP<20>            Flags: <unique><active>
|     ICRAP<00>            Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>

Nmap scan report for 10.1.1.40
Host is up (0.00s latency).
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: -snip- (Unknown)

Host script results:
| nbstat: 
|   NetBIOS name: GOD-BLOR, NetBIOS user: <unknown>, NetBIOS MAC: -snip- (unknown)
|   Names
|     GOD-BLOR<00>         Flags: <unique><active><permanent>
|     WORKGROUP<00>        Flags: <group><active><permanent>
|_    GOD-BLOR<20>         Flags: <unique><active><permanent>

Nmap scan report for 10.1.1.55
Host is up (0.0030s latency).
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: -snip- (Brother Industries)

Host script results:
| nbstat: 
|   NetBIOS name: BRN001BA9391452, NetBIOS user: <unknown>, NetBIOS MAC: -snip- (Brother Industries)
|   Names
|     BRN001BA9391452<00>  Flags: <unique><active>
|_    BRN001BA9391452<20>  Flags: <unique><active>

Nmap done: 256 IP addresses (10 hosts up) scanned in 9.40 seconds

As you can see, it has resolved the information for all computers on my LAN that are reporting NetBIOS information. It also did all the above in ~9.4 seconds.

I did this on my Windows computer because my Mac (apparently appropriately named iCrap, as you can see in the scan results) is freaking out at the moment, and I cannot restart it because I have some big file transfers in process. Nmap is platform agnostic, so the platform on which you do this scan should not matter. I did test this on the Mac from the command line only, and it worked fine there too (well, it did trip the flood protection on my managed switch, but that's another issue).

I've edited the MAC address out from the scan.

I can add more information on how to set this up to scan continuously from the command line, if you would like.


You can see more information on the nbstat.nse script that I am using to query NetBIOS information here.

The brief Nmap man page is also very useful for understanding what is going on.
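
The continuous command-line scan mentioned in the answer could look like the following. This is an added example, not part of the original answer: it reruns the answer's nbstat scan on an interval, reduces each report to IP/NetBIOS-name pairs, and prints which hosts joined or left since the previous pass. The function names and the constructed sample report are assumptions.

```bash
#!/usr/bin/env bash
# Added example; parse_nbstat, diff_hosts, watch_lan and sample_scan are hypothetical names.

# Print "IP<TAB>NAME" for every host Nmap reports as up; NAME is "-" when the
# host returned no nbstat result. Reads Nmap's normal output on stdin.
parse_nbstat() {
  awk '
    function emit() { if (ip != "" && up) print ip "\t" (name == "" ? "-" : name) }
    /^Nmap scan report for / { emit(); ip = $NF; gsub(/[()]/, "", ip); name = ""; up = 0; next }
    /^Host is up/            { up = 1; next }
    /NetBIOS name: /         { name = $0; sub(/.*NetBIOS name: /, "", name); sub(/,.*/, "", name) }
    END                      { emit() }
  ' | LC_ALL=C sort
}

# Compare two parsed snapshots (files) and label what changed between them.
diff_hosts() {
  LC_ALL=C comm -13 "$1" "$2" | sed 's/^/JOINED /'
  LC_ALL=C comm -23 "$1" "$2" | sed 's/^/LEFT /'
}

# Rescan network $1 every $2 seconds (default 30) with the answer's command.
# The first pass lists every host as JOINED, which gives the baseline.
# UDP scans need root on macOS, so run this from a root shell.
watch_lan() {
  prev=$(mktemp "${TMPDIR:-/tmp}/lanwatch.XXXXXX")
  cur=$(mktemp "${TMPDIR:-/tmp}/lanwatch.XXXXXX")
  while :; do
    nmap -sU -p 137 --script nbstat.nse "$1" | parse_nbstat > "$cur"
    diff_hosts "$prev" "$cur" | sed "s/^/$(date '+%H:%M:%S') /"
    cp "$cur" "$prev"
    sleep "${2:-30}"
  done
}

# Constructed sample report for an offline check of the parser.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 10.1.1.2
Host is up (0.00s latency).
137/udp closed netbios-ns

Nmap scan report for 10.1.1.19
Host is up (0.00s latency).
Host script results:
| nbstat:
|   NetBIOS name: DERPLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
EOF
}

# Usage: watch_lan 10.1.1.0/24 30
```

A host whose NetBIOS name changes between passes shows up as one LEFT line and one JOINED line for the same IP.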