Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

network topology scanner for honeyd

From: Niels Provos <provos () citi umich edu>
Date: Wed, 21 Apr 2004 03:39:06 -0400
Hi,

I finally got around to package up the network topology scanner that
I wrote for Honeyd last year.

  Nttlscan is a quick network topology scanner and functions as a
  highly parallel traceroute(8).  It randomly picks destination IP
  addresses and sends TCP or UDP probes.  Returing ICMP messages are
  interpreted to recon- struct the route that packets take to their
  respective destination.

A short description and a download link can be found at

  http://www.honeyd.org/tools.php#nttlscan

The output looks like follows:

10.29.123.19: 192.122.183.73 198.108.23.248 208.174.224.73 (N!) 
10.225.121.111: 192.122.183.77 198.108.23.81 * * * * * 
10.90.56.85: 192.122.183.77 198.108.23.248 208.174.224.73 (N!) 
10.148.154.148: 192.122.183.81 198.108.23.157 208.172.10.137 208.172.2.102 208.175.10.197 208.172.146.100 
208.172.156.10 208.172.146.62 208.172.147.78 166.63.243.182 158.205.192.146 158.205.250.26 210.172.238.146 
203.178.73.150 203.178.73.166 203.178.118.178 133.148.1.1 133.148.1.1 (N!) 
10.53.111.218: 192.122.183.73 198.108.23.248 208.174.224.73 (N!) 
10.232.55.1: 192.122.183.201 192.122.183.10 198.32.8.76 198.32.8.83 198.32.11.62 62.40.96.170 62.40.103.150 
146.97.37.81 146.97.33.9 146.97.35.10 146.97.40.50 192.153.213.194 * * * * * * 
10.224.129.182: 192.122.183.81 * 66.28.21.233 66.28.66.81 66.28.4.62 66.28.4.85 66.28.4.13 66.28.4.81 154.54.1.190 
213.140.39.253 213.140.37.85 213.140.36.57 213.140.36.133 213.140.50.126 213.0.251.129 * 193.152.60.185 (FP!) 
10.208.114.133: 192.122.183.73 198.108.23.81 * * * * * 
10.67.52.51: 192.122.183.77 * 208.174.224.73 (N!) 
10.200.113.22: 192.122.183.73 198.108.23.248 208.174.224.73 208.174.226.85 208.174.226.2 152.63.71.97 152.63.67.121 
152.63.3.182 152.63.35.250 152.63.42.93 157.130.43.26 * * * * * * 

The nttlparse.py Python script that comes with nttlscan can be used to
convert the output into a Honeyd virtual routing topology.

Hope you like it,

  Niels.
-- 
We are experiencing the witch hunts of the information age.
  http://www.ageofignorance.com/
Previous By Date Next
Previous By Thread Next

Current thread: