Penetration Testing mailing list archives
RE: generating a network map
From: "Alex Arndt" <aarndt () rogers com>
Date: Sun, 19 Jun 2005 11:51:28 -0400
Comments in-line below...
-----Original Message----- From: Talha [mailto:tt83x () yahoo com] Sent: June 18, 2005 1:31 AM To: pen-test () securityfocus com Subject: generating a network map Hello there, I am looking for a software that can generate or reconstruct a network topology from raw data obtained from live network capturing or offline tcpdump capture files.
Sounds to me like you want to build a passive network map, and avoid doing active network discovery that might be picked off by your client's security team (this is the pet-test list, after all).
Also if theres any utility (preferably open source) than can generate a network map from nmap logs.
Wait, you just mentioned nmap logs. That's active scanning. If you aren't worried about tipping off anyone by using an active method, there are several options (some of which have already been mentioned). Here's a few ideas, with links: Ipswitch WhatsUp Pro (topology from active network discovery) http://www.ipswitch.com/Products/WhatsUp/professional/ NOTE: 30-day trial available Cheops (topology from active discovery) http://www.marko.net/cheops/ NOTE: multiple issues identified by other posters Etherape (topology from passive monitoring) http://etherape.sourceforge.net/ NOTE: Good choice, but requires direct access to monitor network. (Good luck getting a clandestine TAP and Etherape box onto the network...) If you don't mind building your topology yourself, using the data you collected via pcap, they here's a suggested methodology. It assumes that you've collected a substantial amount of pcap from hosts internal to the network. Replay all the pcap files through p0f (get it at http://lcamtuf.coredump.cx/p0f.shtml) to generate a list of probably OS installs at the recorded IP addresses. Given that you'll now have a OS to IP map of the network, you in essence have a non-visual network topology. If pictures are important, you could manually construct the network diagram or write a PERL script to do it for you (as per the suggestion from Nathan Einwechter). Sounds almost like a new spin on Cheops...
any help will be highly appreciated
I hope this does. Alex Arndt CISSP, GCIA, GCIH "Within all order is the potential for chaos..."
Current thread:
- RE: generating a network map, (continued)
- RE: generating a network map Steve Figures (Jun 18)
- Re: generating a network map Rodrigo Blanco (Jun 18)
- Re: generating a network map Peyman GOHARI (Jun 18)
- RE: generating a network map Richard Zaluski (Jun 18)
- Re: generating a network map Nathan Einwechter (Jun 18)
- Re: generating a network map R. DuFresne (Jun 18)
- Re: generating a network map Jeroen (Jun 18)
- RE: generating a network map Richard Zaluski (Jun 18)
- RE: generating a network map Clement Dupuis (Jun 19)
- RE: generating a network map Steve A (Jun 19)
- RE: generating a network map Alex Arndt (Jun 19)
- Re: generating a network map Javier Blanque (Jun 19)
- Re: generating a network map Johan Petersson (Jun 20)
- RE: generating a network map Erez (Jun 20)
- Re: generating a network map Christian Lecompte (Jun 20)
- Re: generating a network map Luis Ángel Fernández Escabias (Jun 23)
- RE: generating a network map Steve Goldsby (ICS) (Jun 19)
- RE: generating a network map Todd Towles (Jun 20)
- RE: generating a network map Jarmon, Don R (Jun 22)