The only way to truly passively map a network, the term "passive" meaning you initiate nothing, is to be on the network, listening. And any machine that does not send traffic onto your local wire (be it a VLAN, hub, your port on the switch, or whatever) will not show up. This is why people still use active (and much more detectable) means to map networks.

> -----Original Message-----
> From: Jason Lewis [mailto:jlewisat_private]
> Sent: Tuesday, February 04, 2003 7:36 PM
> To: pen-testat_private
> Subject: RE: Using ARP to map a network
>
> Maybe I am asking the wrong question.
>
> If my goal is to passively map a network, what is the best
> way to do that?
>
> > I'm not quite sure how ARP harvesting (via SNMP, presumably?) is
> > passive, but here goes:
> >
> > On the face of it, you should be able to do this. Problems could
> > occur if you run into firewalls, or in switched environments where
> > there are machines that infrequently communicate outwards (and rarely
> > broadcast). Unfortunately, both of these instances are much more
> > likely with respect to critical infrastructure (like database back-end
> > servers or the accounting department.) What is the goal of using this
> > means as opposed to some other method? SNMP queries to routers may be
> > just as obvious as ping sweeps or SYN scans in the eyes of an IDS, and
> > perhaps even more so if they have logging set high enough.
> >
> >> -----Original Message-----
> >> From: Jason Lewis [mailto:jlewisat_private]
> >> Sent: Tuesday, February 04, 2003 6:37 PM
> >> To: pen-testat_private
> >> Subject: Using ARP to map a network
> >>
> >> I have searched and can't seem to find any tools to help map a
> >> network based on ARP tables.
> >>
> >> It seems to me, I could take ARP tables from several machines and
> >> build a network map. If machines were behind a router the ARP tables
> >> would show multiple IPs with the same MAC. With enough ARP tables,
> >> wouldn't I be able to build a map?
> >>
> >> Is my theory flawed?
> >>
> >> My goal is to do passive network mapping based on any local
> >> information I can obtain from computers or network devices. Anyone
> >> have any ideas?
> >>
> >> jas
> >>
> >> ----------------------------------------------------------------------------
> >> This list is provided by the SecurityFocus Security Intelligence
> >> Alert (SIA) Service. For more information on SecurityFocus' SIA
> >> service which automatically alerts you to the latest security
> >> vulnerabilities please see:
> >> https://alerts.securityfocus.com/
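The ARP-table merge discussed in this thread, as an added example that is not part of the original messages: it combines ARP dumps collected from several hosts and reports MACs that answer for more than one IP, IPs seen with conflicting MACs, and which observer saw each address. It assumes the dumps are text in the `arp -an` style; the function names, host names, addresses and MACs are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "(ip) at mac" part of an `arp -an` line; incomplete entries carry no MAC.
ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})"
)

def normalize_mac(mac):
    """Zero-pad each octet so BSD-style '0:1b:..' equals Linux-style '00:1b:..'."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def parse_arp(text):
    """Return (ip, mac) pairs from one host's ARP table dump."""
    return [(ip, normalize_mac(mac)) for ip, mac in ENTRY.findall(text)]

def build_map(tables):
    """tables: {observer_name: arp_dump}. Merge every observer's view."""
    mac_to_ips, ip_to_macs, seen_by = defaultdict(set), defaultdict(set), defaultdict(set)
    for observer, dump in tables.items():
        for ip, mac in parse_arp(dump):
            mac_to_ips[mac].add(ip)
            ip_to_macs[ip].add(mac)
            seen_by[ip].add(observer)
    return {
        # One MAC answering for several IPs: router/proxy-ARP candidate or multi-homed host.
        "multi_ip_macs": {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1},
        # One IP seen with different MACs: stale cache, failover, or spoofing worth checking.
        "conflicts": {ip: sorted(ms) for ip, ms in ip_to_macs.items() if len(ms) > 1},
        # Hosts that never sent traffic to any observer are simply absent here.
        "seen_by": {ip: sorted(obs) for ip, obs in seen_by.items()},
    }

# Constructed sample dumps (documentation addresses, made-up MACs).
SAMPLE = {
    "hostA": "? (192.0.2.1) at 00:1b:21:aa:bb:01 [ether] on eth0\n"
             "? (192.0.2.20) at 00:1b:21:aa:bb:20 [ether] on eth0\n"
             "? (192.0.2.99) at <incomplete> on eth0\n",
    "hostB": "? (192.0.2.1) at 0:1b:21:aa:bb:1 on en0 ifscope [ethernet]\n"
             "? (192.0.2.50) at 00:1b:21:aa:bb:01 [ether] on eth0\n"
             "? (192.0.2.20) at 00:1b:21:cc:dd:20 [ether] on eth0\n",
}

if __name__ == "__main__":
    for key, value in build_map(SAMPLE).items():
        print(key, value)
```
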
This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 20:53:53 PST