Penetration Testing mailing list archives

Re: IP secondary network visualization tool?


From: Paul Melson <pmelson () gmail com>
Date: Thu, 21 Jan 2010 06:53:06 -0500

On Wed, Jan 20, 2010 at 7:45 PM, Christopher A. Jarosz
<christopherjarosz () att net> wrote:
> Is there a tool like Cheops or ??? that I can use to discover these other
> subnets?  I know when you plug in a laptop, you need to configure it with
> one of the layer threes, but can you discover these without using a sniffer
> and by using some tool, present a network topography?

There are lots of ways to get this kind of information.  Here are a
few off the top of my head:

1. Use nemesis to create RIP general request packets to download known
routers' route tables. (This probably requires a sniffer to capture
the response, but shouldn't require putting the interface in
promiscuous mode.)
2. Use SNMP to query known routers for route table info. (SolarWinds
has several tools that do this well.)
3. Use dig to perform internal DNS zone transfers looking for RFC1918 addresses.
4. Use traceroute to RFC1918 broadcast addresses to discover what
address spaces route internally and which route to the firewall.
5. Use nmap to ping sweep all of the possible RFC1918 class C subnets,
maybe optimize using only likely router addresses (i.e. .1-.3,
.252-.254).

Each has its own advantages and drawbacks depending on the network and
the tools you have available to you (e.g. you're working from a
compromised server instead of your own gear placed on the internal
network), but it seems like at least a couple of these will be worth a
shot.

PaulM
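The optimized ping sweep from item 5 above, written out as an added example
(this is not code from the original post). It assumes nmap and awk are
installed and the interface is already on one of the internal layer threes;
the function names are my own. nmap accepts per-octet ranges and comma lists,
so the whole of 10/8 restricted to the likely router host octets is one
target expression.

```shell
#!/bin/sh
# Added example: sweep only the likely router addresses (.1-.3, .252-.254)
# of every RFC1918 /24 and report which /24s have a responder.
# Assumes nmap and awk are on PATH; nothing here is from the original post.

# One nmap target expression per RFC1918 block, limited to likely router
# host octets. nmap expands "a-b" ranges and "x,y" lists per octet.
rfc1918_router_targets() {
    hosts='1-3,252-254'
    printf '10.0-255.0-255.%s\n' "$hosts"
    printf '172.16-31.0-255.%s\n' "$hosts"
    printf '192.168.0-255.%s\n' "$hosts"
}

# Number of addresses the sweep touches, for planning run time:
# (65536 + 4096 + 256) /24s, six candidate hosts in each.
rfc1918_router_target_count() {
    echo $(( (256 * 256 + 16 * 256 + 256) * 6 ))
}

# Run the sweep: host discovery only (-sn), no reverse DNS (-n),
# greppable output (-oG) so responders can be parsed afterwards.
# --min-rate keeps ~420k probes from taking all day; tune for the network.
sweep_router_candidates() {
    out="${1:-rfc1918-routers.gnmap}"
    rfc1918_router_targets | xargs nmap -sn -n --min-rate 500 -oG "$out"
    live_subnets "$out"
}

# Collapse each "Status: Up" host in the greppable output to its /24;
# the sorted, unique result is the list of internally routed subnets.
live_subnets() {
    awk '/Status: Up/ { split($2, o, "."); print o[1] "." o[2] "." o[3] ".0/24" }' "$1" \
        | sort -u
}

# Usage:  sh sweep.sh run [output-file]
if [ "${1:-}" = "run" ]; then
    sweep_router_candidates "${2:-rfc1918-routers.gnmap}"
fi
```

If you are working from a compromised host rather than your own gear, the same
target expressions can be fed to whatever is available (a shell loop over
ping, for instance) instead of nmap; the point is the reduced candidate set,
not the scanner.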
