Penetration Testing mailing list archives
Re: IP secondary network visualization tool?
From: IPv7 <listas.internet () gmail com>
Date: Tue, 26 Jan 2010 10:43:11 -0200
Sorry, here is one link:
http://forums.remote-exploit.org/tutorials-guides/11380-how-using-netdiscover.html

2010/1/26 IPv7 <listas.internet () gmail com>:
> I believe that you are searching for something like "netdiscover"
>
> 2010/1/22 Zack Payton <zpayton () gmail com>:
>> Or, if their routers are multicasting or broadcasting neighbor
>> announcements, use dynamips and set up your own virtual router and add
>> it to the routing domain to get routing table visibility... works with
>> all routing protocols (except BGP). Although it doesn't provide subnet
>> masks, Etherape will help you visualize IP addresses you can see from
>> your promiscuous NIC.
>>
>> On Thu, Jan 21, 2010 at 3:53 AM, Paul Melson <pmelson () gmail com> wrote:
>>> On Wed, Jan 20, 2010 at 7:45 PM, Christopher A. Jarosz
>>> <christopherjarosz () att net> wrote:
>>>> Is there a tool like Cheops or ??? That I can use to discover these
>>>> other subnets? I know when you plug in a laptop, you need to
>>>> configure it with one of the layer threes, but can you discover
>>>> these without using a sniffer and by using some tool, present a
>>>> network topography?
>>>
>>> There are lots of ways to get this kind of information. Here are a
>>> few off the top of my head:
>>>
>>> 1. Use nemesis to create RIP general request packets to download
>>>    known routers' route tables. (This probably requires a sniffer to
>>>    capture the response, but shouldn't require putting the interface
>>>    in promiscuous mode.)
>>> 2. Use SNMP to query known routers for route table info. (SolarWinds
>>>    has several tools that do this well.)
>>> 3. Use dig to perform internal DNS zone transfers looking for RFC1918
>>>    addresses.
>>> 4. Use traceroute to RFC1918 broadcast addresses to discover what
>>>    address spaces route internally and which route to the firewall.
>>> 5. Use nmap to ping sweep all of the possible RFC1918 class C
>>>    subnets, maybe optimize using only likely router addresses (i.e.
>>>    .1-.3, .252-.254).
>>>
>>> Each has its own advantages and drawbacks depending on the network
>>> and the tools you have available to you (e.g. you're working from a
>>> compromised server instead of your own gear placed on the internal
>>> network), but it seems like at least a couple of these will be worth
>>> a shot.
>>>
>>> PaulM

--
Knowledge is power, and knowing makes us free.
netvulcano.wordpress.com
Linux User #405757
Machine Linux #310536

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
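A defender-side view of item 5 in the quoted list, as an added example that is not part of the original thread: a sweep restricted to likely router addresses leaves a distinctive pattern in ICMP logs, namely one source touching many RFC1918 /24s while hitting almost only the .1-.3 and .252-.254 host octets. The `(src, dst)` event format, the function names and the thresholds are assumptions made for this sketch.

```python
import ipaddress
from collections import defaultdict

# Host octets the post names as likely router addresses (.1-.3, .252-.254).
ROUTER_OCTETS = {1, 2, 3, 252, 253, 254}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def find_router_sweeps(events, min_subnets=4, min_ratio=0.9):
    """Return {source: distinct /24 count} for sources whose ICMP echo
    requests hit many RFC1918 /24s and almost only router-like host octets.

    events: iterable of (src, dst) strings, one per echo request (assumed
    log format). min_subnets and min_ratio are assumed thresholds.
    """
    subnets = defaultdict(set)     # src -> /24 networks probed
    total = defaultdict(int)       # src -> probes into RFC1918 space
    routerish = defaultdict(int)   # src -> probes to router-like octets
    for src, dst in events:
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip.version != 4 or not is_rfc1918(dst_ip):
            continue
        total[src] += 1
        subnets[src].add(ipaddress.ip_network(f"{dst}/24", strict=False))
        if int(dst_ip) & 0xFF in ROUTER_OCTETS:
            routerish[src] += 1
    return {
        src: len(nets)
        for src, nets in subnets.items()
        if len(nets) >= min_subnets and routerish[src] / total[src] >= min_ratio
    }


# Constructed sample: one host probing router octets across six /24s,
# and one host sending ordinary pings inside its own address space.
SAMPLE_EVENTS = (
    [("10.1.5.77", f"192.168.{n}.{h}") for n in range(6) for h in (1, 254)]
    + [("10.1.5.20", "10.1.5.1"), ("10.1.5.20", "10.1.5.42"),
       ("10.1.5.20", "10.1.9.17")]
)

if __name__ == "__main__":
    for src, count in find_router_sweeps(SAMPLE_EVENTS).items():
        print(f"{src}: router-address sweep across {count} /24 subnets")
```

A full sweep of every host in a subnet falls below `min_ratio` and is not reported here; that pattern needs a separate volume-based rule.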
Current thread:
- IP secondary network visualization tool? Christopher A. Jarosz (Jan 21)
- Re: IP secondary network visualization tool? Chris Brenton (Jan 21)
- Re: IP secondary network visualization tool? Paul Melson (Jan 21)
- Re: IP secondary network visualization tool? Zack Payton (Jan 25)
- Re: IP secondary network visualization tool? IPv7 (Jan 27)
- Re: IP secondary network visualization tool? IPv7 (Jan 27)
- Re: IP secondary network visualization tool? Christopher A. Jarosz (Jan 28)
- Re: IP secondary network visualization tool? Zack Payton (Jan 25)
- <Possible follow-ups>
- Re: IP secondary network visualization tool? Christopher A. Jarosz (Jan 25)