Open-AudIT

Here is the post data from nmap for a cisco router

[code]
# Nmap 5.00 scan initiated Mon Sep 21 16:55:00 2009 as: C:\Program Files\Nmap\nmap.exe -sS -sV --version-intensity 4 -O -v -oN C:\DOCUME~1\jimbob~1\LOCALS~1\Temp\2\nmap_10.147.82.1_20090921165453.tmp 10.147.82.1 Initiating OS detection (try #1) against 10.147.82.1 Host 10.147.82.1 is up (0.066s latency). Interesting ports on 10.147.82.1: Not shown: 995 closed ports PORT STATE SERVICE VERSION 23/tcp open telnet Cisco router 2001/tcp open telnet Cisco router 4001/tcp open tcpwrapped 6001/tcp open tcpwrapped 9001/tcp open tcpwrapped Device type: router Running: Cisco IOS 12.X OS details: Cisco Aironet 1240AG or 1250 WAP, or 1811 or 2800 router (IOS 12.4) TCP Sequence Prediction: Difficulty=261 (Good luck!) IP ID Sequence Generation: Randomized Service Info: OS: IOS; Device: router Read data files from: C:\Program Files\Nmap OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . # Nmap done at Mon Sep 21 16:55:49 2009 -- 1 IP address (1 host up) scanned in 53.30 seconds
[/code]

I changed this part of the code as a work around for the script not seeing this right

[code]
//if device type in blank make it a unknown
if ($device_type == ""){$device_type = "unknown";}
//if running is blank make it unknown
if ($running == ""){$running = "unknown";}
//now to check on the device type again and see what is running
if (substr_count($device_type, "general purpose") > "0"){
if (substr_count($running, "Linux") > "0") { $device_type = "os_linux";}
if (substr_count($running, "Windows") > "0") { $device_type = "os_windows"; echo "Windows.<br />";}
if (substr_count($running, "unix") > "0") { $device_type = "os_unix";}
if (substr_count($running, "MAC") > "0") { $device_type = "os_mac";}
if (substr_count($running, "AIX") > "0") { $device_type = "os_unix";}
if (substr_count($running, "SCO UnixWare") > "0"){ $device_type = "os_unix";}
} else {
//lets add in other things to see if this will work
if (substr_count($running, "Cisco IOS 12.X") > "0") { $device_type = "broadband_router"; echo "Cisco router.<br />";}
}
[/code]

Probably I didn't understand what you want to achieve: according to your scan output, your device should have been correctly reported by OA as having a description (field other.other_description of your db) like "Cisco IOS 12.X" and a Type (field other.other_type) like "router".

_________________
Edoardo

I had to change to code as it was not picking up the router's "$running" in admin_nmap_input.php
I have a few devices on my network that are not showing up proper when I do a nmap scan.