Nmap Development mailing list archives

Re: Layer-2 Topology Mapping?


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 2 Oct 2008 20:50:34 +0000

On Thu, 2 Oct 2008 08:30:45 -0400
"McCash John-GKJN37" <john.mccash () motorola com> wrote:

> Hi Everyone,
>     Please reply directly back to me as well as to the list.
>
>     I recently listened to the interview with Fyodor that ran on the
> PaulDotCom Security Weekly Podcast. When I heard about the new layer-3
> mapping functionality that's now folded into Zenmap, I got really
> excited.
>
>     Has anybody considered a new feature, or possibly some sort of
> scripted add-on, to allow Nmap/Zenmap to do layer-2 topology mapping?
> If it was to incorporate some data pulled via SNMP from router ARP
> tables and switch CAM tables, it ought to be able to interpolate a
> lot of the layer-2 information. Does anybody think that would be cool
> enough to work on?
>
>         Thanks
>             John McCash


John,

I've bounced this sort of idea off of Fyodor, Kris, and other devs
before.  The basic idea is that if --traceroute were done before a
script scan and the data was exposed to NSE, then a Lua script could
use SNMP to query for ARP entries, CDP neighbors (on Cisco gear), etc.

The conclusion we've always arrived at though is that yeah, we /could/
hack this up into Lua/NSE but that Nmap is probably the wrong place for
it.  Just like we /could/ write an NSE script web application scanner to
look for XSS and SQL injection but the architecture and common usage of
Nmap suggests that it would be better as a stand-alone tool.

Brandon



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
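
The ARP/CAM correlation proposed in this thread, sketched as an added example (not code from either message or from Nmap). It assumes the tables were already collected over SNMP; the sample data is constructed, and the "several MACs on one port means uplink" rule is a simplifying assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample data standing in for SNMP walk results (no real devices).
# Router ARP table (what ipNetToMediaPhysAddress holds): IP -> MAC.
ARP = {
    "192.0.2.10": "00:00:5E:00:53:0A",
    "192.0.2.11": "00:00:5e:00:53:0b",
    "192.0.2.12": "00:00:5e:00:53:0c",
    "192.0.2.13": "00:00:5e:00:53:0d",
}
# Switch CAM tables (what dot1dTpFdbPort holds): switch -> [(MAC, port)].
CAM = {
    "sw1": [("00:00:5e:00:53:0a", 1), ("00:00:5e:00:53:0b", 2),
            ("00:00:5e:00:53:0c", 24), ("00:00:5e:00:53:0d", 24)],
    "sw2": [("00:00:5e:00:53:0c", 3), ("00:00:5e:00:53:0d", 4),
            ("00:00:5e:00:53:0a", 24), ("00:00:5e:00:53:0b", 24),
            ("00:00:5e:00:53:ee", 5)],  # host with no ARP entry
}


def infer_layer2(arp, cam):
    """Return (attachments, uplinks, unresolved).

    attachments: IP -> (switch, port) for a MAC alone on exactly one port.
    uplinks:     ports that learned several MACs (assumed inter-switch links).
    unresolved:  MACs missing from ARP, or alone on more than one port.
    """
    mac_to_ip = {mac.lower(): ip for ip, mac in arp.items()}
    ports = defaultdict(set)  # (switch, port) -> MACs learned there
    for switch, entries in cam.items():
        for mac, port in entries:
            ports[(switch, port)].add(mac.lower())

    uplinks = {p for p, macs in ports.items() if len(macs) > 1}
    edge = defaultdict(list)  # MAC -> ports where it is the only MAC seen
    for p, macs in ports.items():
        if len(macs) == 1:
            edge[next(iter(macs))].append(p)

    attachments, unresolved = {}, set()
    for mac, where in edge.items():
        if len(where) == 1 and mac in mac_to_ip:
            attachments[mac_to_ip[mac]] = where[0]
        else:
            unresolved.add(mac)  # never guess an attachment point
    return attachments, uplinks, unresolved
```

Calling `infer_layer2(ARP, CAM)` places each of the four hosts on its access port, flags port 24 on both switches as uplinks, and leaves the MAC without an ARP entry unresolved.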

