Thamdhz, posted December 30, 2010:

Hi All, I am trying to find out model information/OS version of a particular Nortel business AP I am connected to. When I probe with Cain & Abel it only seems to find the manf. and not much else information. Anyone know of an alternative program to find out detailed info on this particular AP? Thanks

digininja, posted December 30, 2010:

nmap with -O does OS detection and if you add -sV then you'll get info on the services running as well. You might be able to work it out from that.

Thamdhz (author), posted December 30, 2010 (edited):

Oh nice, thanks for the info. Haven't done it yet but I just noticed a Linksys AP over here, when I go try to access the web GUI I get a Nortel business secure router page? A lil confused as to why this is.. any ideas?

Mr-Protocol, posted December 30, 2010:

Not sure, should you really be playing with it?

digip, posted December 30, 2010:

> Oh nice, thanks for the info. Haven't done it yet but I just noticed a Linksys AP over here, when I go try to access the web GUI I get a Nortel business secure router page? A lil confused as to why this is.. any ideas?

A few things could be happening there. One, the SSID might be fake, and not a Linksys, or two, their web GUI for the Linksys router is on an alternate port, even https, which can be set in the router's settings, and instead, they forward port 80 to the Nortel service, if it isn't itself the Nortel anyway.

Thamdhz (author), posted December 30, 2010 (edited):

True, I tried connecting on port 443 and it's the same login page.. I actually got physical access to the AP and unplugged the power.. I lost connection so I know it's deff the AP I am connecting to. Maybe the Nortel is on a completely different port? And I'm NOT doing anything malicious or harmful, just messing around, that's all. Thanks for the replies..

Infiltrator, posted December 30, 2010:

> A few things could be happening there. One, the SSID might be fake, and not a Linksys, or two, their web GUI for the Linksys router is on an alternate port, even https, which can be set in the router's settings, and instead, they forward port 80 to the Nortel service, if it isn't itself the Nortel anyway.

Most wireless devices, like a printer for instance, broadcast their SSID. It could be that the device you are trying to connect to may be a printer or another device that is not an access point at all.

Thamdhz (author), posted December 30, 2010:

> Most wireless devices, like a printer for instance, broadcast their SSID. It could be that the device you are trying to connect to may be a printer or another device that is not an access point at all.

I am connecting to a free public open Linksys AP and just curious as to why I am getting a Nortel web login. Originally I was just trying to probe the network to see what model and OS version I was connecting to, but that will be another day. Thanks for the reply..

digip, posted December 30, 2010:

I wonder if someone could be MITM'ing. If you have physical access, walk up and get the MAC address off of it. Then go back to your machine and connect and check the MAC address of your gateway to make sure they match. If they don't, then you aren't directly on the "linksys" connection you speak of, even if your connection drops. Or, they just have it set up to forward to that device. It's possible they also disabled wireless configuring of the AP and it can only be done over a wired connection. That's how I set mine up at home.

digininja, posted December 30, 2010:

> Most wireless devices, like a printer for instance, broadcast their SSID. It could be that the device you are trying to connect to may be a printer or another device that is not an access point at all.

Are you saying you've seen printers, which are clients, sending out beacons? That would be against the 802.11 standards I would have thought.

digip, posted December 31, 2010:

> Are you saying you've seen printers, which are clients, sending out beacons? That would be against the 802.11 standards I would have thought.

Yeah, I think you are right, as printers might send probes, probably using UPnP or such, but probably not beacons. Wireless print servers might send beacons though, although I've not played with one personally so can't test that, but then again, I don't know what the device truly is. Is it a wireless card for printers, or an actual AP/Router/Bridge, etc?

Infiltrator, posted December 31, 2010 (edited):

> Are you saying you've seen printers, which are clients, sending out beacons? That would be against the 802.11 standards I would have thought.

I was referring to the wireless connectivity in the printer. I own a Canon printer, which has wireless connectivity capabilities built in to it. So when enabled, it broadcasts its SSID just like a normal access point would. And then you can connect to it from your computer.

digininja, posted December 31, 2010:

So basically it is a printer with a built-in access point, that makes sense now.

Infiltrator, posted December 31, 2010:

> So basically it is a printer with a built-in access point, that makes sense now.

Sorry, wasn't clear enough!

Thamdhz (author), posted December 31, 2010:

Hey, thanks for the replies.. I forgot to mention, yesterday when I was messing around I got the MAC from my ARP cache and checked it against this website >> http://www.coffer.com/mac_find/ (great webtool), and got the vendor Nortel Networks.. So yea, I am guessing that maybe the wireless config of the AP is disabled by wireless users.. but when I go to my gateway's address I get the Nortel's web GUI and when I turn the Linksys AP off I lose connection.. still wanna know how this network is configured.. going to try to get physical access to the network when I go back.. and btw I thought that wireless printers only broadcast as an ad-hoc network? Anyways, Happy New Year!
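
The check digip suggests above (compare the MAC printed on the device with the MAC your machine holds for its gateway), run against the kind of ARP-cache entry Thamdhz describes, as an added example that is not part of any post in the thread. The sample tables, addresses and function names are constructed for illustration; the "adjacent" result rests on the assumption that one box may use neighbouring MACs on its LAN, WAN and radio interfaces.

```python
import re

# Constructed samples: Windows `arp -a` and Linux `ip neigh` output, using
# documentation-only IP (192.0.2.0/24) and MAC (00-00-5E-00-53-xx) ranges.
SAMPLE_ARP = """\
Interface: 192.0.2.57 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             00-00-5e-00-53-10     dynamic
  192.0.2.23            00-00-5e-00-53-a4     dynamic
"""
SAMPLE_NEIGH = "192.0.2.1 dev wlan0 lladdr 00:00:5e:00:53:10 REACHABLE\n"

MAC_RE = re.compile(r"(?i)\b[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}\b")


def normalize_mac(text):
    """Reduce aa:bb.., AA-BB.. or aabb.ccdd.eeff notation to 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def gateway_mac(table, gateway_ip):
    """Return the MAC the ARP/neighbour table holds for gateway_ip, or None."""
    ip_re = re.compile(r"(?<![\d.])" + re.escape(gateway_ip) + r"(?![\d.])")
    for line in table.splitlines():
        mac = MAC_RE.search(line)
        if mac and ip_re.search(line):
            return normalize_mac(mac.group(0))
    return None


def compare(label_mac, table, gateway_ip, tolerance=8):
    """Classify the gateway's MAC against the one printed on the device."""
    seen = gateway_mac(table, gateway_ip)
    if seen is None:
        return "no-entry"
    label = normalize_mac(label_mac)
    if seen == label:
        return "match"
    # Assumption: same OUI and a nearby value is another interface of one box.
    if seen[:6] == label[:6] and abs(int(seen, 16) - int(label, 16)) <= tolerance:
        return "adjacent"
    return "mismatch"  # the gateway is some other device


if __name__ == "__main__":
    print(compare("00:00:5E:00:53:10", SAMPLE_ARP, "192.0.2.1"))
```

A "mismatch" only says the gateway is a different device from the labelled one; that covers a bridged or forwarding setup as well as an interposed host, and the MAC alone does not tell them apart.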