RE: Using ARP to map a network

From: Rob Shein (shoten@starpower.net)
Date: Tue Feb 04 2003 - 19:25:38 EST

• Next message: planz: "Re: Using ARP to map a network"
• Previous message: Osvaldo J. Filho: "Re: Using ARP to map a network"
• In reply to: Jason Lewis: "Using ARP to map a network"
• Next in thread: Jason Lewis: "RE: Using ARP to map a network"
• Reply: Jason Lewis: "RE: Using ARP to map a network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm not quite sure how ARP harvesting (via SNMP, presumably?) is passive,
but here goes:

On the face of it, you should be able to do this. Problems could occur if
you run into firewalls, or in switched environments where there are machines
that infrequently communicate outwards (and rarely broadcast).
Unfortunately, both of these instances are much more likely with respect to
critical infrastructure (like database back-end servers or the accounting
department.) What is the goal of using this means as opposed to some other
method? SNMP queries to routers may be just as obvious as ping sweeps or
SYN scans in the eyes of an IDS, and perhaps even more so if they have
logging set high enough.

> -----Original Message-----
> From: Jason Lewis [mailto:jlewis@packetnexus.com]
> Sent: Tuesday, February 04, 2003 6:37 PM
> To: pen-test@securityfocus.com
> Subject: Using ARP to map a network
>
>
> I have searched and can't seem to find any tools to help map
> a network based on ARP tables.
>
> It seems to me, I could take ARP tables from several machines
> and build a network map. If machines were behind a router
> the ARP tables would show multiple IP's with the same MAC.
> With enough ARP tables, wouldn't I be able to build a map?
>
> Is my theory flawed?
>
> My goal is to do passive network mapping based on any local
> information I can obtain from computers or network devices.
> Anyone have any ideas?
>
> jas
>
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA) Service. For more information on
> SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: planz: "Re: Using ARP to map a network"
• Previous message: Osvaldo J. Filho: "Re: Using ARP to map a network"
• In reply to: Jason Lewis: "Using ARP to map a network"
• Next in thread: Jason Lewis: "RE: Using ARP to map a network"
• Reply: Jason Lewis: "RE: Using ARP to map a network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT