Respuesta: Identification of non Cisco AP's

[Omar Herrera <oherrera () prodigy net mx>]

Hi Jonathan

Linksys AP I've seen all use an initial TTL of 150, calculating the number of hops between you an the hosts scanned and 
then add the TTL of responses should do it. Or simply looking at responses of probes to port 80 TCP, with a TTL close 
to and < 150 should be enough and relatively fast.

Regards,

Omar Herrera

----- Mensaje original -----
De: Jonathan Gauntt 
> Hi,
>
> I have been tasked with the project of scanning and identifying 
> all non
> Cisco wireless access points within the company?s network.
>
> We have about 800 /22 and /24 subnets, and because of the IP 
> addressingscheme in place, might just be easier for me to scan the 
> whole class A range
> of IP?s.
>
> I have access to Nessus and GFI Security Scanner.  Since we over 
> 8000 IP?s
> in place, does anyone have any advice on the best way to identify 
> these non
> Cisco AP?s such as Linksys and Netgear, etc.
>
> I wouldn?t want to have a report produced that is two miles long 
> unlessabsolutely necessary.
>
> Thanks,
>
>
> Jonathan