Penetration Testing mailing list archives
Re: IP secondary network visualization tool?
From: "Christopher A. Jarosz" <christopherjarosz () att net>
Date: Sat, 23 Jan 2010 19:18:20 -0800
Hi Jerry!!! Sorry about the delay on answering your question about using a sniffer on the client's network. They said they're using Cisco Security Agent (CSA) and they were under the impression that the agent running on their servers and clients would detect a NIC in promiscuous mode on their network. I found out through some research that only systems running the agent would detect **only** if the device's NIC was running something like wireshark. It didn't report if a system on that segment was sniffing. I agree that as part of an internal pen test you'd run a sniffer to see the local traffic (flood the CAM or span the VLAN), just I wanted to make sure I wasn't detected.... Thanks!!! chrisj
From: "Shenk, Jerry A" <jshenk () windstream com> Date: Thu, 21 Jan 2010 08:29:37 -0500 To: "Christopher A. Jarosz" <christopherjarosz () att net>, <pen-test () securityfocus com> Conversation: IP secondary network visualization tool? Subject: RE: IP secondary network visualization tool? Cheops would be one tool that should be able to do that - it would not really know that both/all networks ran on the same wire though. I believe Cheops should show you that local network, the router that you refer to and the other network(s) as being all separate because from an IP standpoint, the only way to get between the networks is through some router. When I'm doing an internal pen-test, I almost always fire up a sniffer as one of the first things I do. Why do you want to avoid using a sniffer? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Christopher A. Jarosz Sent: Wednesday, January 20, 2010 7:46 PM To: pen-test () securityfocus com Subject: IP secondary network visualization tool? Good Day Everyone!!! I have a quick question for you. I¹m doing a pen-test with a client and was curious about something. I did a ³sniff² on a layer two domain and saw multiple layer three addressing (i.e. 10.0.0.0/16, 192.168.1.0/24...etc). I looked at their router and sure enough, the client was running multiple layer three subnets on the layer two domain. I know Cisco supports doing that, but, here is my question... Is there a tools like Cheops or ??? That I can use to discover these other subnets? I know when you plug in a laptop, you need to configure it with one of the layer threes, but can you discover these without using a sniffer and by using some tool, present a network topography? Thanks!!! Best and finest regards!!! Chrisj ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- IP secondary network visualization tool? Christopher A. Jarosz (Jan 21)
- Re: IP secondary network visualization tool? Chris Brenton (Jan 21)
- Re: IP secondary network visualization tool? Paul Melson (Jan 21)
- Re: IP secondary network visualization tool? Zack Payton (Jan 25)
- Re: IP secondary network visualization tool? IPv7 (Jan 27)
- Re: IP secondary network visualization tool? IPv7 (Jan 27)
- Re: IP secondary network visualization tool? Christopher A. Jarosz (Jan 28)
- Re: IP secondary network visualization tool? Zack Payton (Jan 25)
- <Possible follow-ups>
- Re: IP secondary network visualization tool? Christopher A. Jarosz (Jan 25)