Penetration Testing mailing list archives

RE: generating a network map


From: "Alex Arndt" <aarndt () rogers com>
Date: Sun, 19 Jun 2005 11:51:28 -0400

Comments in-line below...

-----Original Message-----
From: Talha [mailto:tt83x () yahoo com]
Sent: June 18, 2005 1:31 AM
To: pen-test () securityfocus com
Subject: generating a network map


Hello there,
I am looking for software that can generate or
reconstruct a network topology from raw data obtained
from live network capturing or offline tcpdump capture
files. 

Sounds to me like you want to build a passive network
map, and avoid doing active network discovery that might
be picked off by your client's security team (this is
the pen-test list, after all).

Also if there's any utility (preferably open source)
that can generate a network map from nmap logs.


Wait, you just mentioned nmap logs. That's active
scanning. If you aren't worried about tipping off
anyone by using an active method, there are several
options (some of which have already been mentioned).

Here's a few ideas, with links:

Ipswitch WhatsUp Pro (topology from active network
discovery)
http://www.ipswitch.com/Products/WhatsUp/professional/
NOTE: 30-day trial available

Cheops (topology from active discovery)
http://www.marko.net/cheops/
NOTE: multiple issues identified by other posters

Etherape (topology from passive monitoring)
http://etherape.sourceforge.net/
NOTE: Good choice, but requires direct access to
monitor network. (Good luck getting a clandestine
TAP and Etherape box onto the network...)

If you don't mind building your topology yourself,
using the data you collected via pcap, then here's
a suggested methodology. It assumes that you've
collected a substantial amount of pcap from hosts
internal to the network.

Replay all the pcap files through p0f (get it at
http://lcamtuf.coredump.cx/p0f.shtml) to generate
a list of probable OS installs at the recorded IP
addresses.

Given that you'll now have an OS to IP map of the
network, you in essence have a non-visual network
topology. If pictures are important, you could
manually construct the network diagram or write a
PERL script to do it for you (as per the suggestion
from Nathan Einwechter). Sounds almost like a new
spin on Cheops...

any help will be highly appreciated

I hope this does.

Alex Arndt
CISSP, GCIA, GCIH

"Within all order is the potential for chaos..." 
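
The methodology in the message above (p0f over the collected pcap, then a script that draws the result), as an added example that is not part of the original post and is not p0f's own code. It assumes the fingerprint output has been saved one record per line in the shape `src:port - OS guess -> dst:port (...)`; that shape, the function names and the sample lines are assumptions made for this illustration, so adjust the regex to what your p0f version prints.

```python
import re
from collections import Counter, defaultdict

# Assumed record shape "src:port - OS guess -> dst:port (...)", one per line.
RECORD = re.compile(
    r"^(?P<src>\d+\.\d+\.\d+\.\d+):\d+ - (?P<os>.+?)\s+-> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

# Constructed sample lines (documentation addresses), not real capture output.
SAMPLE = """\
192.0.2.10:1298 - Windows XP SP1+, 2000 SP3 -> 192.0.2.1:80 (distance 0, link: ethernet/modem)
192.0.2.10:1301 - Windows XP SP1+, 2000 SP3 -> 192.0.2.20:445 (distance 0, link: ethernet/modem)
192.0.2.20:33012 - Linux 2.4/2.6 (up: 112 hrs) -> 192.0.2.1:22 (distance 0, link: ethernet/modem)
192.0.2.10:1305 - Windows 2000 SP4, XP SP1 -> 192.0.2.1:80 (distance 0, link: ethernet/modem)
192.0.2.30:4021 - UNKNOWN [S4:64:1:60:M1460,S,T,N,W0:.:?:?] -> 192.0.2.1:80 (distance 0, link: ethernet/modem)
this line is noise and is skipped
"""

def build_map(lines):
    """Return ({ip: most frequent OS guess}, {(src, dst): set of dst ports})."""
    votes, edges = defaultdict(Counter), defaultdict(set)
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue  # banner, truncated or unrelated line
        votes[m["src"]][m["os"]] += 1  # one host can yield several guesses
        edges[(m["src"], m["dst"])].add(int(m["dport"]))
    os_map = {ip: c.most_common(1)[0][0] for ip, c in votes.items()}
    return os_map, dict(edges)

def to_dot(os_map, edges):
    """Render the map as Graphviz DOT; hosts seen only as destinations get no OS."""
    hosts = set(os_map) | {dst for _, dst in edges}
    out = ["digraph passive_map {"]
    for ip in sorted(hosts):
        guess = os_map.get(ip, "not fingerprinted").replace('"', "")
        out.append(f'  "{ip}" [label="{ip}\\n{guess}"];')
    for (src, dst), ports in sorted(edges.items()):
        port_list = ",".join(str(p) for p in sorted(ports))
        out.append(f'  "{src}" -> "{dst}" [label="{port_list}"];')
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_dot(*build_map(SAMPLE.splitlines())))
```

Hosts that only ever appear as a destination show up in the graph without an OS guess, which marks where more capture from that host's own traffic is needed.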

