Relying fully on the ARP tables will not enable you to map a network. If your goal is to do passive network mapping then you can build a table of arp and corresponding ip address, then use this knowledge along with other information such as TTL from these ip addresses to map the network. DRajesh -----Original Message----- From: Jason Lewis [mailto:jlewisat_private] Sent: Tuesday, February 04, 2003 3:37 PM To: pen-testat_private Subject: Using ARP to map a network I have searched and can't seem to find any tools to help map a network based on ARP tables. It seems to me, I could take ARP tables from several machines and build a network map. If machines were behind a router the ARP tables would show multiple IP's with the same MAC. With enough ARP tables, wouldn't I be able to build a map? Is my theory flawed? My goal is to do passive network mapping based on any local information I can obtain from computers or network devices. Anyone have any ideas? jas ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 10:38:30 PST