I recently was running arp-scan quite often on my local network. I've noticed that one of the devices has 192.168.0.255.
Is that normal to have a device on a broadcast address?
nmap doesn't have much to say about that device apart from the fact that it's Google's Mac.
Now few days later I ran arp-scan again and for like a week now, there's another device I haven't noticed ever before with ip 192.168.0.28, but it has exactly the same MAC address as the 192.168.0.255!
However nmap shows that it's a different device but after I checked ports on it I still have no idea what it is.
I'm renting a room at this place and I know that the landlord has (or had) one of those Google speakers (I think Google Nest), but I have no idea if he uses it or not.
I don't have access to the router.
Is that normal to have a device on a broadcast address?
nmap doesn't have much to say about that device apart from the fact that it's Google's Mac.
Code:
sudo nmap -sS -O -A 192.168.0.255
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-07 14:28 BST
Nmap scan report for 192.168.0.255
Host is up (0.14s latency).
All 1000 scanned ports on 192.168.0.255 are filtered
MAC Address: 1C:F2:9A:xx:xx:xx (Google)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 141.39 ms 192.168.0.255
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 150.69 seconds
Now few days later I ran arp-scan again and for like a week now, there's another device I haven't noticed ever before with ip 192.168.0.28, but it has exactly the same MAC address as the 192.168.0.255!
However nmap shows that it's a different device but after I checked ports on it I still have no idea what it is.
Code:
sudo nmap -sS -O -A 192.168.0.28
[sudo] password for mm:
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-07 14:31 BST
Nmap scan report for 192.168.0.28
Host is up (0.054s latency).
Not shown: 841 closed ports, 154 filtered ports
PORT STATE SERVICE VERSION
8008/tcp open http?
|_http-title: Site doesn't have a title (text/html).
8009/tcp open ssl/ajp13?
|_ajp-methods: Failed to get a valid response for the OPTION request
| ssl-cert: Subject: commonName=d1729ed8-f1f3-b790-d887-aa6dc9dcabfa
| Not valid before: 2022-09-06T14:31:58
|_Not valid after: 2022-09-08T14:31:58
|_ssl-date: 2022-09-07T13:34:08+00:00; 0s from scanner time.
8443/tcp open ssl/https-alt?
9000/tcp open ssl/cslistener?
10001/tcp open ssl/scp-config?
MAC Address: 1C:F2:9A:xx:xx:xx (Google)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=9/7%OT=8008%CT=1024%CU=41045%PV=Y%DS=1%DC=D%G=Y%M=1CF2
OS:9A%TM=63189E67%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10A%TI=I%CI=I%
OS:II=RI%SS=S%TS=A)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B
OS:4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(W1=7200%W2=7200%W3=7200%W4=7200%
OS:W5=7200%W6=7200)ECN(R=N)T1(R=Y%DF=N%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3
OS:(R=N)T4(R=Y%DF=N%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=40%W=0%S=
OS:Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=
OS:Y%DF=N%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%R
OS:IPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=40%CD=S)
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 54.25 ms 192.168.0.28
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 300.20 seconds
I'm renting a room at this place and I know that the landlord has (or had) one of those Google speakers (I think Google Nest), but I have no idea if he uses it or not.
I don't have access to the router.