Maybe I am asking the wrong question. If my goal is to passively map a network, what is the best way to do that? > I'm not quite sure how ARP harvesting (via SNMP, presumably?) is > passive, but here goes: > > On the face of it, you should be able to do this. Problems could occur > if you run into firewalls, or in switched environments where there are > machines that infrequently communicate outwards (and rarely broadcast). > Unfortunately, both of these instances are much more likely with respect > to critical infrastructure (like database back-end servers or the > accounting department.) What is the goal of using this means as opposed > to some other method? SNMP queries to routers may be just as obvious as > ping sweeps or SYN scans in the eyes of an IDS, and perhaps even more so > if they have logging set high enough. > >> -----Original Message----- >> From: Jason Lewis [mailto:jlewisat_private] >> Sent: Tuesday, February 04, 2003 6:37 PM >> To: pen-testat_private >> Subject: Using ARP to map a network >> >> >> I have searched and can't seem to find any tools to help map >> a network based on ARP tables. >> >> It seems to me, I could take ARP tables from several machines >> and build a network map. If machines were behind a router >> the ARP tables would show multiple IP's with the same MAC. >> With enough ARP tables, wouldn't I be able to build a map? >> >> Is my theory flawed? >> >> My goal is to do passive network mapping based on any local >> information I can obtain from computers or network devices. >> Anyone have any ideas? >> >> jas >> >> >> >> -------------------------------------------------------------- >> -------------- >> This list is provided by the SecurityFocus Security >> Intelligence Alert (SIA) Service. For more information on >> SecurityFocus' SIA service which automatically alerts you to >> the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 10:42:48 PST