Penetration Testing mailing list archives

Re: IP secondary network visualization tool?


From: "Christopher A. Jarosz" <christopherjarosz () att net>
Date: Sat, 23 Jan 2010 19:18:20 -0800

Hi Jerry!!!

Sorry about the delay on answering your question about using a sniffer on
the client's network.  They said they're using Cisco Security Agent (CSA)
and they were under the impression that the agent running on their servers
and clients would detect a NIC in promiscuous mode on their network.  I
found out through some research that only systems running the agent would
detect **only** if the device's NIC was running something like Wireshark.
It didn't report if a system on that segment was sniffing.

I agree that as part of an internal pen test you'd run a sniffer to see the
local traffic (flood the CAM or span the VLAN), just I wanted to make sure I
wasn't detected....

Thanks!!!

chrisj


From: "Shenk, Jerry A" <jshenk () windstream com>
Date: Thu, 21 Jan 2010 08:29:37 -0500
To: "Christopher A. Jarosz" <christopherjarosz () att net>,
<pen-test () securityfocus com>
Conversation: IP secondary network visualization tool?
Subject: RE: IP secondary network visualization tool?

Cheops would be one tool that should be able to do that - it would not really
know that both/all networks ran on the same wire though.  I believe Cheops
should show you that local network, the router that you refer to and the other
network(s) as being all separate because from an IP standpoint, the only way
to get between the networks is through some router.

When I'm doing an internal pen-test, I almost always fire up a sniffer as one
of the first things I do.  Why do you want to avoid using a sniffer?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Christopher A. Jarosz
Sent: Wednesday, January 20, 2010 7:46 PM
To: pen-test () securityfocus com
Subject: IP secondary network visualization tool?

Good Day Everyone!!!

I have a quick question for you.  I'm doing a pen-test with a client and was
curious about something.  I did a "sniff" on a layer two domain and saw
multiple layer three addressing (i.e. 10.0.0.0/16, 192.168.1.0/24...etc).  I
looked at their router and sure enough, the client was running multiple
layer three subnets on the layer two domain.  I know Cisco supports doing
that, but, here is my question...

Is there a tool like Cheops or ??? that I can use to discover these other
subnets?  I know when you plug in a laptop, you need to configure it with
one of the layer threes, but can you discover these without using a sniffer
and by using some tool, present a network topography?

Thanks!!!

Best and finest regards!!!

Chrisj



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



