Noticed a couple of devices (named Radar 40 and Radar 55) on my network I could apparently cast to and eventually traced it to an IP on my network. I've accounted for every single physical device besides that one. I tried to port scan it but despite it appearing as active on my router nmap kept telling me the host was down. I tried actually casting something to it and then it suddenly started responding to nmap:
Starting Nmap 7.70 ( nmap.org ) at 2019-04-22 10:18 PDT Initiating ARP Ping Scan at 10:18 Scanning 192.168.1.123 [1 port] Completed ARP Ping Scan at 10:18, 0.03s elapsed (1 total hosts) Initiating System DNS resolution of 1 host. at 10:18 Completed System DNS resolution of 1 host. at 10:18, 5.10s elapsed Initiating SYN Stealth Scan at 10:18 Scanning 192.168.1.123 [65536 ports] Completed SYN Stealth Scan at 10:18, 12.20s elapsed (65536 total ports) Initiating OS detection (try #1) against 192.168.1.123 Retrying OS detection (try #2) against 192.168.1.123 Nmap scan report for 192.168.1.123 Host is up, received arp-response (0.0072s latency). All 65536 scanned ports on 192.168.1.123 are closed because of 65536 resets MAC Address: 40:4E:36:21:57:B3 (HTC) Too many fingerprints match this host to give specific OS details TCP/IP fingerprint: SCAN(V=7.70%E=4%D=4/22%OT=%CT=1%CU=34622%PV=Y%DS=1%DC=D%G=N%M=404E36%TM=5CBDF779%P=x86_64-solus-linux-gnu) SEQ(CI=I%II=I) T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 1 hop
Read data files from: /usr/bin/../share/nmap OS detection performed. Please report any incorrect results at nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 19.13 seconds Raw packets sent: 65551 (2.885MB) | Rcvd: 65550 (2.623MB)
As far as I can tell there's nothing useful there. What else can I do?
that happened to me the other week - turned out to be a lightbulb my brother had bought.
was outside the DHCP range as well, very odd.
Ryan Sullivan
It doesn't actually complete the transaction, it just makes the connection count skyrocket and enabled nmap to work. It was disappointing to say the least. Nothing fun is coming out of this at all so far.
Michael Hernandez
>Google shit in your home network Yikes
Henry Lopez
>Hostname is Radar >MAC address is in the range for HTC devices Have you considered that they might be HTC Radars?
Nathan Phillips
IoT needs to die already
Aaron Williams
It's an HTC chip, my router told me that already. Not super useful. So its two phone access points that are somehow magically tapped into my network?
Ryan Ross
Its one of these fuckers isn't it? They better watch out because I'm coming for them.
It's probably just WiFi Direct, not an access point and not related to your network
Oliver Diaz
>not related to your network >has an ip address in his wlan
David Jenkins
Once found out the neighbor has one of those fridges with a computer in it.
Dominic Brown
Its connected to my network
William Torres
do you live near an airbase, spystation or someting?
Robert Williams
kick it then change pass
Bentley Sanders
Never mind I'm an idiot. Still doesn't explain the Radar 40 and Radar 55 cast devices, but it explains the device on my network that responds to my casting activity.
Okay so this is probably what it is after realizing I'm dumb as rocks in Is there any easy way to identify the device? Now that I know its not on my network I'm not as motivated to investigate any further. Oh well. I thought I had something interesting going on.
Evan Morgan
Well yeah that's obvious now, but lets pretend didn't happen. What could I possibly be seeing in my router's list of ACTIVE CLIENTS that isn't a device connected to the network? I'd love to know your thought process.
Daniel Butler
You have not shown your router's list of active clients, so I don't know why you'd expect any answers about it
Robert Davis
I literally posted the nmap output of me trying to port scan it dumdum.
Yeah, you posted the output of an nmap scan of an unrelated device, which is not a list of active clients, and is a device connected to your network normally
What the fuck question are you even trying to ask?
