Topology discover

[RSMC <smcsoc () yahoo es>]

Hi there,

I am currently performing a pen-test in the internal network of a company.
I am used to pen-testing systems and the set of applications they
support, looking for vulnerabilities in software version, logic or
misconfiguration.
I have also considered routing and protocol attacks as ARP spoofing and
RIP packet injection.

But I think I am missing some techniques to find out what the topology
is. I know about traceroute, firewalk and CDP, but I would like to know
if there is a whitepaper or documentation that explains how to find out
as much as possible about the enviroment I am in. Help about discovering
VLANs is also welcomed.

Thanks in advance.


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------