Penetration Testing mailing list archives

Re: Profiling a Networks Infrastructure


From: Paul Melson <pmelson () gmail com>
Date: Mon, 22 Jun 2009 20:57:35 -0400

On Mon, Jun 22, 2009 at 11:18 AM, pma111<pmaneedham () hotmail com> wrote:
> Is there a specific tool or procedure you use when you want to "profile" a
> specific network? Namely, I would like to see what options somebody could
> use to identify every internal Oracle Database / Database Server that
> resides on the network. Could this be done without tools by some kind of
> command line instruction, or would it require software installing on the
> network? Or is it nowhere near as simplistic as this, and even a user sat
> inside the network would need access to network documentation / diagrams etc.
> to identify a full list of all internal Oracle DBs / DB servers?

It totally depends on 1) the specifics of the network and 2) what your
expectations are for a "profile." The specific example you give can
be done easily enough with a tool like nmap using the -sV flag. If you
have local access to the server, commands like netstat and lsof can be
used to find listening network ports, and in some cases tie them back
to running processes. But from the network side, a port scanner like
nmap that can also perform service/banner identification is the
easiest place to start from.

PaulM
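
The local-access approach mentioned in the reply (lsof to tie listening ports back to processes), as an added example that is not part of the original post: it parses `lsof -nP -iTCP -sTCP:LISTEN` output into a port-to-process inventory and flags likely Oracle listeners. The sample lines are constructed, the function names are hypothetical, and `tnslsnr` / port 1521 are Oracle's default listener process name and port, assumed here rather than taken from the post.

```shell
#!/bin/sh
# Added example: inventory listening TCP ports and their owning processes.
# Live use on a host you administer (root sees every process):
#   lsof -nP -iTCP -sTCP:LISTEN | listeners

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not a real host).
sample_lsof() {
cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      901   root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
sshd      901   root    4u  IPv6  12347      0t0  TCP *:22 (LISTEN)
tnslsnr  2314 oracle   12u  IPv4  23456      0t0  TCP *:1521 (LISTEN)
postgres 3120 postgres  5u  IPv6  34567      0t0  TCP [::1]:5432 (LISTEN)
java     4410 app      88u  IPv4  45678      0t0  TCP 10.0.0.5:1521 (LISTEN)
EOF
}

# listeners: read lsof output on stdin and print "port command pid address",
# one line per unique listener, ordered by port number.
listeners() {
  awk 'NR > 1 && $NF == "(LISTEN)" {
         name = $(NF - 1)               # e.g. *:1521 or [::1]:5432
         n = split(name, part, ":")     # port is the piece after the last colon
         port = part[n]
         addr = substr(name, 1, length(name) - length(port) - 1)
         print port, $1, $2, addr
       }' | sort -u | sort -n
}

# oracle_candidates: keep listeners owned by tnslsnr or bound to port 1521
# (Oracle defaults, an assumption). A port match with a different process
# name, like the java line in the sample, still needs manual confirmation.
oracle_candidates() {
  listeners | awk '$2 == "tnslsnr" || $1 == 1521'
}

sample_lsof | oracle_candidates
```
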
