Nmap Development mailing list archives
Re: Nmap Soc Ideas
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 27 Mar 2009 05:45:02 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 26 Mar 2009 22:33:13 -0700 or thereabouts Ravipriya Thushara <rthushara () gmail com> wrote:
I haven't a good passive sniffer yet.Even if there is a one, I don't think it'll generate a XML file in Zenmap understandable format.So I think writing a such tool, a packet sniffer that can detect and understand network topology and write it to a XML file Zenmap can understand. Then it will be a good idea. It'll be a separate tool and can help Zenmap in discovering network topologies. As it'll be an external and separate tool from Nmap, it'll be easy to develop. I'm waiting to hear from you my idea
It can be really difficult to map out an accurate representation of a network's topology from just a single vantage point. - From most points the world looks flat. Sniffing on an edge VLAN is really only going to tell you about the local hosts. Even then, in a switched network you're likely to only see IGMP, ARP, STP, BootP/DHCP, broadcast, and multicast traffic. If you were to sniff at a peering point you'd certainly see a lot of traffic but understanding how those hosts are interconnected would still be very hard. Passively observing routing protocols like OSPF and BGP would reveal some of the structure of the network but wouldn't tell you much about the end-hosts. You might think about leveraging a combination of protocols such as CDP, SNMP, and NetFlow to construct a network map and general usage. This, of course, would be active probing and not passive sniffing. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux) iEYEARECAAYFAknMZ+UACgkQqaGPzAsl94KjQwCghVlxhGqHW+Ybt1KQBF/cnTbM D8wAn0Giq9ubI46cAJdNxyZdHX83gzzt =B5Rr -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: Nmap Soc Ideas Adriano Marques (Mar 19)
- <Possible follow-ups>
- Re: Nmap Soc Ideas Ravipriya Thushara (Mar 26)
- Re: Nmap Soc Ideas Brandon Enright (Mar 26)