Re: Using ARP to map a network

From: sithat_private
Date: Tue Feb 04 2003 - 16:00:08 PST

    On Tue, Feb 04, 2003 at 06:36:59PM -0500, Jason Lewis wrote:
    > I have searched and can't seem to find any tools to help map a network
    > based on ARP tables.
    > 
    > It seems to me, I could take ARP tables from several machines and build a
    > network map.  
    
    Yes, you could at least see what machines were up on the network.  One thing
    I sometimes do is ping the broadcast address, and then save the arp table,
    but that is obviously not passive, hehe.
    
    > If machines were behind a router the ARP tables would show
    > multiple IPs with the same MAC.  With enough ARP tables, wouldn't I be
    > able to build a map?
    
    You won't have listings in your arp table beyond your subnet.
    
    > Is my theory flawed?
    > 
    > My goal is to do passive network mapping based on any local information I
    > can obtain from computers or network devices.  Anyone have any ideas?
    
    Unless you have static arp tables, you won't have things in your arp tables
    for usually more than a few minutes, so it's probably just as easy to get
    this information listening to network traffic, i.e. logging the original arp
    replies.
    
    Hope this helps,
    
    sithEnder
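
Merging saved ARP tables from several machines on one subnet, as an added example that is not part of the original post. It assumes Linux net-tools `arp -an` output; the observer names and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample `arp -an` output (Linux net-tools format) from two
# hypothetical observers on the same subnet; all addresses are made up.
SAMPLE_TABLES = {
    "hostA": """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 00:aa:bb:cc:dd:01 [ether] on eth0
? (192.168.1.30) at <incomplete> on eth0
""",
    "hostB": """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.40) at 00:AA:BB:CC:DD:02 [ether] on eth0
? (192.168.1.254) at 00:11:22:33:44:55 [ether] on eth0
""",
}

# "(ip) at mac": entries still resolving show "<incomplete>" and do not match.
ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I
)

def merge_arp_tables(tables):
    """Return {mac: {ip: set(observers)}} from per-host `arp -an` text."""
    merged = defaultdict(lambda: defaultdict(set))
    for observer, text in tables.items():
        for line in text.splitlines():
            m = ENTRY.search(line)
            if m is None:  # skips <incomplete> and unparsable lines
                continue
            ip, mac = m.group(1), m.group(2).lower()  # normalise MAC case
            merged[mac][ip].add(observer)
    return merged

def multi_ip_macs(merged):
    """MACs answering for more than one IP (aliases, proxy ARP, a router)."""
    return {mac: sorted(ips) for mac, ips in merged.items() if len(ips) > 1}

if __name__ == "__main__":
    merged = merge_arp_tables(SAMPLE_TABLES)
    for mac, ips in sorted(merged.items()):
        for ip, seen_by in sorted(ips.items()):
            print(f"{mac}  {ip:<15}  seen by {', '.join(sorted(seen_by))}")
    print("multi-IP MACs:", multi_ip_macs(merged))
```

Because dynamic entries age out within minutes, each saved table is only a snapshot; collecting at several times and merging the results gives fuller coverage of the subnet.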
    
    


