I can use traceroute to find the route from my host to a remote host. is it possible for me to check what are the brand/model of the routers in the route?
for example, is it a cisco router or huawei router or HP router, etc...
thanks!
-
If it is on the same subnet, you can arp -a and then run the MAC address on a MAC vendor lookup website. Other than that you could try to use snmp and cross your fingers they left everything default with snmp security.– xxl3wwCommented Jul 15, 2013 at 21:55
-
The problem with running the MAC is that it gives the vendor of the chip for that interface, not necessarily the maker of the device as a whole. Much of the time, you'll get the information you want, but it isn't reliable.– MaQleodCommented Jul 15, 2013 at 22:27
-
The other problem with MAC is it is a layer 2 feature, meaning only detectable on the local network - you cannot discover a MAC (easily) for a remote device. So you might be able to get the details of your own router, but you could do that just as well by walking up to it and reading the label.– PaulCommented Jul 15, 2013 at 22:30
Add a comment
|
1 Answer
You could use nmap OS discovery to uncover various details about the hops. Its success is a bit dependent on how open the device is. Which is usually not open at all if part of the routing infrastructure of the internet.
$ sudo nmap -O -v 203.215.20.19
Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-16 08:26 EST
Initiating Ping Scan at 08:26
Scanning 203.215.20.19 [4 ports]
Completed Ping Scan at 08:26, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:26
Completed Parallel DNS resolution of 1 host. at 08:26, 6.50s elapsed
Initiating SYN Stealth Scan at 08:26
Scanning te4-4.ade-pipe-bdr1.on.ii.net (203.215.20.19) [1000 ports]
Completed SYN Stealth Scan at 08:26, 2.18s elapsed (1000 total ports)
Initiating OS detection (try #1) against te4-4.ade-pipe-bdr1.on.ii.net (203.215.20.19)
Nmap scan report for te4-4.ade-pipe-bdr1.on.ii.net (203.215.20.19)
Host is up (0.13s latency).
All 1000 scanned ports on te4-4.ade-pipe-bdr1.on.ii.net (203.215.20.19) are closed
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: router|switch|WAP
Running: Cisco IOS 12.X
OS CPE: cpe:/h:cisco:870_router cpe:/o:cisco:ios:12 cpe:/h:cisco:2960_switch cpe:/h:cisco:aironet_ap1250 cpe:/o:cisco:ios:12.4
OS details: Cisco 870 router or 2960 switch (IOS 12.2 - 12.4), Cisco Aironet 1250 WAP (IOS 12.4)
Network Distance: 6 hops
Read data files from: /usr/bin/../share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.42 seconds
Raw packets sent: 1090 (48.554KB) | Rcvd: 1007 (40.530KB)
-
how does it work? What info is the router sending that identifies what kind of router it is? Commented Feb 1 at 9:37