Penetration Testing mailing list archives
Re: Mapping Class A network ( any easy trick?)
From: John Thomas <mjohn2000_99 () yahoo com>
Date: 12 Feb 2005 04:23:44 -0000
In-Reply-To: <6b0d9eef050210044538f5dda4 () mail gmail com>

Thanks everybody for your advice, it was very helpful. I forgot to give u details about my scan. It is a private network consisting of about 10,000 hosts. I am planning this step as the first step of the penetration testing (well, I may have to cut down to a vulnerability scan like u guys suggested). I am thinking about going for an nmap ping sweep. That would give me all (well, most of them) IPs. I am also looking into some of the tools and tricks (DNS, SNMP, etc.) suggested by you. Nmap was doing a pretty good job for me, so I can't just give away my friend. ;)

Well, thanks again guys.
Hi,

I once used a program called networkview to scan a Class A network. In 4 hours it was at 36% of the scan. I was scanning for "normal" ports and a few others of my concern. Very impressive, very fast. I was using a 3Mbps download 256Kbps upload connection at the time.

Some info from publisher:

NetworkView 3.1
Rating: 5/5
License: Shareware
Price: $79.00
Expires after 30 Days

Information: This is a compact network discovery and management tool for the Win32 platform. It will discover all TCP/IP nodes and draw a full graphical map, including routes, from DNS, MAC Addresses, SNMP, WMI and TCP port information. It can also poll the network and send an e-mail when nodes are unreachable. With more than 11,000 entries in its SNMP and MAC address databases, it can be used from a floppy disk. Full print and print preview capabilities for maps and lists are included.

Note: SNMP must be installed, and administrator rights are necessary for discovery and monitoring.

Additional Software Required: SNMP

Cheap and fast. That's how I like it.

Note: I do not work for the publisher nor will I get money for this (Damn, I should get money for this!).

Hope it helps.

On Tue, 08 Feb 2005 09:34:10 -0800 (PST), John Thomas <mjohn2000_99 () yahoo com> wrote:

I am about to do a penetration testing on a "Class A network" and wondering how I can map the network without pinging 17 million IPs (nmap -sP 10.0.0.0/8). I did some research and the best information I got is from one of the earlier posts on this list (http://seclists.org/lists/pen-test/2004/Jul/0067.html). It was to use broadcast IPs for pings. But it may miss some subnets. Is that the best way to do it? If not, please advise.

--
Ismael Gonzalez
CEO / Consultant
Allied Technologies, Inc.