7

I am attempting to identify a mobile device on a LAN using Nmap, more specifically an Android smartphone. Both my laptop and the target (Android smartphone) are connected to the same access point. I can ping the device etc. When I run a standard Nmap scan against the smartphone it says all 1000 ports are closed, which is odd considering I am browsing the web on the phone while the scan is running. With no ports being open, device discovery is very difficult.

Is anyone aware of an efficient way to identify a smartphone on a network? Or can anyone explain this kind of behaviour from the mobile device?

Thanks in advance

greatodensraven

4 Answers

4

In my experience with nmap, I had to limit the packet send rate to discover some devices. You can do so with the option

--max-rate <number>: Send packets no faster than <number> per second

For example:

nmap --max-rate 100 192.168.0.2

Using that speed, nmap finds my smartphone even though its 1000 ports are closed. If I set it to 500 packets per second, it doesn't find it.

MXS
3

Nmap is only going to find ports that are open and waiting for connections - ports that have services running on them. You could use Handset Detection but it'll need your device to visit a web page as it requires HTTP headers for device detection (disclaimer: my startup).

Amethon do something like this (guessing from their blurb), perhaps by watching a traffic stream from a mirrored switch port. Not sure what their product costs, but they might be able to help out with questions or give you an approach.

Hope that helps a bit.

Richard
0

You could make a script where the arguments received are the current subnet you want to explore and the subnet mask... just like nmap... but pinging all the hosts on the current network instead of looking for open ports... this will only tell you if the host is up... but not if it's a smartphone... maybe Nessus could help you since it's more complete...

Ignacio8a
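A sketch of the ping-sweep script described in the answer above, paced so it never probes faster than a set rate (the 100-per-second default mirrors the --max-rate value from the earlier answer). This is an added example, not code from any of the posters; the function names are hypothetical and the `ping -c/-W` flags assume Linux iputils.

```python
#!/usr/bin/env python3
"""Paced ping sweep: report which hosts in a subnet answer ICMP echo."""
import ipaddress
import subprocess
import sys
import time


def hosts_in(network, netmask):
    """Expand a network address plus dotted mask into its usable host addresses."""
    # strict=False also accepts a host address (e.g. 192.168.0.2) as the first argument.
    net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
    return [str(h) for h in net.hosts()]


def ping_once(host, timeout_s=1):
    """Return True if a single echo request is answered (assumes iputils ping)."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return result.returncode == 0


def sweep(hosts, max_rate=100, probe=ping_once,
          sleep=time.sleep, clock=time.monotonic):
    """Probe hosts no faster than max_rate per second; return those that replied."""
    interval = 1.0 / max_rate
    up = []
    for host in hosts:
        started = clock()
        if probe(host):
            up.append(host)
        # Wait out the rest of this probe's time slot so the send rate stays capped.
        remaining = interval - (clock() - started)
        if remaining > 0:
            sleep(remaining)
    return up


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <network> <netmask>")
    for host in sweep(hosts_in(sys.argv[1], sys.argv[2])):
        print(f"{host} is up")
```

As the answer notes, a reply only shows that a host is up; it says nothing about whether the host is a smartphone.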
0

You could use the following:

nmap -p1-65535 -O

-p will specify to scan ports 1-65535 and -O will check for the operating system running on the device. Hope this helps!

Jon