[WEB SECURITY] way to determine virtual hosts?

Justin Townsend justin.townsend at i-assure.com
Tue Apr 15 11:57:18 EDT 2008

>From the network, you can perform port scans for ports 5900 (microsoft virtual server) or 902 (vmware virtual server) to find virtual host systems in their default state.
On vmware, you can detect virtual machines that are sharing a physical NIC with the host system by their MAC, which starts with 00:0C:29. Microsoft's MAC should start with 00:03:FF, but I haven't personally verified this.
Note that all of this information can be changed by someone actively trying to hide.

Short answer: run nmap-it will label the ports accordingly, and label the MAC manufacturer if you're on the same segment.
Justin Townsend

I-Assure, LLC | Defense In Depth Solutions
justin.townsend at i-assure.com
From: Travis Altman [travisaltman at gmail.com]
Sent: Tuesday, April 15, 2008 5:11 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] way to determine virtual hosts?

i'm specifically looking for a way to do this on an INTERNAL network, any suggestions?

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list