Penetration Testing mailing list archives
Re: Profiling a Networks Infrastructure
From: Paul Melson <pmelson () gmail com>
Date: Mon, 22 Jun 2009 20:57:35 -0400
On Mon, Jun 22, 2009 at 11:18 AM, pma111<pmaneedham () hotmail com> wrote:
Is there a specific tool or procedure you use when you want to "profile" a specific network. Namely, I would like to see what options somebody could use to identify every internal Oracle Database / Database Server that resides on the Network. Could this be done without tools by some kind of command line instruction, or would it require software installing on the network. Or is it no way near as simplistic as this, and even a user sat inside the network would need access to network documentation / diagrams etc to identify a full list of all internal Oracle DB's / DB Servers.
It totally depends on 1) the specifics of the network and 2) what your expectations are for a "profile." The specific example you give can be done easy enough with a tool like nmap using the -sV flag. If you have local access to the server, commands like netstat and lsof can be used to find listening network ports, and in some cases tie them back to running processes. But from the network side, a port scanner like nmap that can also perform service/banner identification is the easiest place to start from. PaulM ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Profiling a Networks Infrastructure pma111 (Jun 22)
- Re: Profiling a Networks Infrastructure pand0ra (Jun 24)
- Re: Profiling a Networks Infrastructure Paul Melson (Jun 24)
- Re: Profiling a Networks Infrastructure Adriel T. Desautels (Jun 24)
- Re: Profiling a Networks Infrastructure Muhammad Farooq-i-Azam (Jun 24)
- [Suspected Spam]RE: Profiling a Networks Infrastructure Syed Khaden (Jun 26)
- Re: Profiling a Networks Infrastructure Phil Young (Jun 24)
- RE: Profiling a Networks Infrastructure Tom Farrar (Jun 24)
- <Possible follow-ups>
- Re: Profiling a Networks Infrastructure lidlosesauge (Jun 26)