Rick Who Else? wrote: > > Let me clarify somewhat. Lets imagine a scenario, of being on a seperate > network of your target network. So sniffing traffic and MAC addresses don't > apply. And you wish to see how many machines on are a certain subnet. So you > wish to scan the entire range of a class C, lets say. ICMP is filtered out. > And some of the machines may have no ports open. Scanning to see what machines are there should be trivial. A TCP SYN-scan (or a variety of more stealthy TCP scans) would do that. More interesting TCP scans (X-mas, NULL, surprise-ACK, etc.) can give you more hints about the OS. Of course, once you get any traffic from the hosts, you can also look at the IP headers for more clues, TTL, IP ID pattern, DF-bit, etc. Of course, I am assuming you mean "closed ports" are really closed ports (return RSTs when tickled) as opposed to filtered, firewalled TCP ports. If that's the case... good luck. -- Crist J. Clark Network Security Engineer crist.clarkat_private Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmasterat_private
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 20:56:23 PDT