Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using ARP to map a network

From: Lambott () aol com
Date: Tue, 04 Feb 2003 20:36:06 -0500
You need to download and install a Linux based open source tool called ettercap from http://ettercap.sourceforge.net/
It should do the job. It will also allow you to do passive host fingerprinting, arp poisoning detection or duplicate 
mac, sniffing etc
It does an ARP storm of the whole subnet your machine is connected to everytime it is loaded, so by careful not to load 
it when using public IP address. 

All the best,

T.Lambo

In an email dated Tue, 4 Feb 2003 11:36:59 pm GMT, "Jason Lewis" <jlewis () packetnexus com> writes:


I have searched and can't seem to find any tools to help map a network
based on ARP tables.

It seems to me, I could take ARP tables from several machines and build a
network map.  If machines were behind a router the ARP tables would show
multiple IP's with the same MAC.  With enough ARP tables, wouldn't I be
able to build a map?

Is my theory flawed?

My goal is to do passive network mapping based on any local information I
can obtain from computers or network devices.  Anyone have any ideas?

jas



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: