Penetration Testing mailing list archives
Re: Mapping a network
From: Kurt Buff <kurt.buff () gmail com>
Date: Mon, 14 Sep 2009 14:36:37 -0700
If you wish to expand your list of software for internal use, might I suggest NetDisco? It uses CDP/LLDP to map the network, and produces a nifty little graph, among many other things.

Of course, that assumes that you have SNMP community strings, but...

Kurt

On Sat, Sep 12, 2009 at 12:12, arvind doraiswamy <arvind.doraiswamy () gmail com> wrote:
> Hey Guys,
>
> What's the best way to completely map an internal network? In 2 situations:
> a) Sitting on the Internet
> b) On the internal network
>
> Here are my thoughts after thinking a while and reading a few old threads on this list as well.
>
> a) From the Internet, I think it's tough to map an internal network at all. You might be able to say identify the perimeter devices at best - meaning their external firewall and their border routers at best. Maybe a few internal IP addresses will be revealed through misconfigurations - but beyond that I think it's tough to do anything more. Is this correct?
>
> b) On an internal network things get interesting though. Note that I'm looking at something like an internal pentest where I'm allowed to put a machine into the network. Here are various ways in which one can obtain information:
>
> --- Start Wireshark and just listen to traffic. You'll get plenty of ranges of valid IP addresses.
> --- Start something like p0f for the same purpose as above.
> --- Look for weak SNMP community strings and obtain routing information
> --- Scan for DNS servers and try a zone transfer (Yes this worked recently)
> --- Nmap's ARP scan/Ping scan/known port scan
> --- Simple ICMP pings
> --- ICMP, UDP and TCP Traceroute to get the exact paths and placement of devices
>
> What else? I read up a lot of old threads to see whether there was something that was already in use. I got a lot of software names of which some were familiar. Here is part of that list:
>
> etherape
> ntop
> cheops
> opte
> lumeta
> Visio enterprise
> friendly pinger
> ipswitch whatsup pro
> Intermapper
> networkview
>
> Now I think a lot of that is commercial and I daresay there are many more products which "claim" to do a lot of accurate mapping. Right now I'm looking just at open source though. I tried Cheops last month but it doesn't seem to be totally accurate .. it didn't even detect everything that was live on my LAN. So what's the best way forward?
>
> Is it a good idea to write code to brute force each and every private IP address in the entire space to check if it is live? I'm open to writing the code -- just thought I'd bounce this off the list before I got started.
>
> All inputs are welcome.
>
> Thanks
> Arvind
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
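The CDP/LLDP mapping idea mentioned in the reply, as an added example (not part of the thread and not NetDisco's code): a breadth-first walk over per-device neighbor tables that de-duplicates links and flags neighbors that were advertised but never polled. The device names, ports and table layout are constructed, and the tables are assumed to have already been read over SNMP from devices you manage.

```python
from collections import deque

# Constructed sample data: device -> [(local_port, neighbor, neighbor_port)],
# shaped like LLDP/CDP neighbor tables already collected from managed switches.
NEIGHBOR_TABLES = {
    "core-sw1": [("Gi0/1", "dist-sw1", "Gi1/0/24"), ("Gi0/2", "dist-sw2", "Gi1/0/24")],
    "dist-sw1": [("Gi1/0/24", "core-sw1", "Gi0/1"), ("Gi1/0/1", "access-sw1", "Gi0/48")],
    "dist-sw2": [("Gi1/0/24", "core-sw1", "Gi0/2"), ("Gi1/0/5", "ap-lobby", "eth0")],
    "access-sw1": [("Gi0/48", "dist-sw1", "Gi1/0/1"), ("Gi0/7", "unknown-sw", "port3")],
}


def crawl(seed, tables):
    """Walk outward from a seed device by following advertised neighbors.

    Returns (links, unpolled): links is a set of undirected links stored once,
    unpolled is the set of neighbors that were advertised but have no table
    (no SNMP access, or a device missing from the inventory).
    """
    links, unpolled = set(), set()
    seen, queue = {seed}, deque([seed])
    while queue:
        dev = queue.popleft()
        if dev not in tables:
            unpolled.add(dev)
            continue
        for local_port, nbr, nbr_port in tables[dev]:
            # Both ends advertise the same link; sort the endpoints so it is kept once.
            links.add(tuple(sorted([(dev, local_port), (nbr, nbr_port)])))
            if nbr not in seen:
                seen.add(nbr)
                queue.append(nbr)
    return links, unpolled


def to_dot(links):
    """Render the links as a Graphviz DOT graph with port labels."""
    lines = ["graph topology {"]
    for (a, a_port), (b, b_port) in sorted(links):
        lines.append(f'  "{a}" -- "{b}" [label="{a_port} <-> {b_port}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    found_links, not_polled = crawl("core-sw1", NEIGHBOR_TABLES)
    print(to_dot(found_links))
    print("advertised but not polled:", sorted(not_polled))
```

The "advertised but not polled" set is the part worth reviewing on a real network: it lists devices that neighbors can see but that the inventory cannot query.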