Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Using ARP to map a network

From: "Rajesh Kumar Dilli" <drajesh () tcs-america com>
Date: Tue, 4 Feb 2003 16:24:09 -0800
Relying fully on the ARP tables will not enable you to map a network. 
        If your goal is to do passive network mapping then you can build
a table of arp and corresponding ip address, then use this knowledge
along with other information such as TTL from these ip addresses to map
the network.

DRajesh

-----Original Message-----
From: Jason Lewis [mailto:jlewis () packetnexus com] 
Sent: Tuesday, February 04, 2003 3:37 PM
To: pen-test () securityfocus com
Subject: Using ARP to map a network

I have searched and can't seem to find any tools to help map a network
based on ARP tables.

It seems to me, I could take ARP tables from several machines and build
a
network map.  If machines were behind a router the ARP tables would show
multiple IP's with the same MAC.  With enough ARP tables, wouldn't I be
able to build a map?

Is my theory flawed?

My goal is to do passive network mapping based on any local information
I
can obtain from computers or network devices.  Anyone have any ideas?

jas



------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: