Re: Using ARP to map a network

From: sith@sithender.com
Date: Tue Feb 04 2003 - 19:00:08 EST


On Tue, Feb 04, 2003 at 06:36:59PM -0500, Jason Lewis wrote:
> I have searched and can't seem to find any tools to help map a network
> based on ARP tables.
>
> It seems to me, I could take ARP tables from several machines and build a
> network map.

Yes, you could at least see what machines were up on the network. One thing
I sometimes do is ping the broadcast address, and then save the arp table,
but that is obviously not passive, hehe.

> If machines were behind a router the ARP tables would show
> multiple IPs with the same MAC. With enough ARP tables, wouldn't I be
> able to build a map?

You won't have listings in your arp table beyond your subnet.

> Is my theory flawed?
>
> My goal is to do passive network mapping based on any local information I
> can obtain from computers or network devices. Anyone have any ideas?

Unless you have static arp tables, you won't have things in your arp tables
for usually more than a few minutes, so it's probably just as easy to get
this information listening to network traffic, i.e. logging the original arp
replies.

Hope this helps,

sithEnder
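
Added example (not part of the original post): a minimal parser that logs ARP replies from already-captured Ethernet frames and builds a MAC-to-IP inventory of the local subnet, as the reply suggests. The frames, MAC addresses, 192.0.2.x addresses and the helper names (parse_arp, build_map, make_frame) are constructed for illustration; nothing is sent on the wire.

```python
import socket
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def build_map(frames):
    """Log ARP replies only; return {sender MAC: sorted list of IPs it answered for}."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REPLY:
            seen[parsed[1]].add(parsed[2])
    return {mac: sorted(ips) for mac, ips in seen.items()}

def make_frame(oper, sha, spa, tha, tpa):
    """Build a constructed sample frame in memory (nothing is sent or captured)."""
    dst = tha if oper == ARP_REPLY else b"\xff" * 6  # requests are broadcast
    eth = dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

# Constructed sample data (documentation addresses, locally administered MACs).
LISTENER = bytes.fromhex("020000000001")
HOST_A = bytes.fromhex("0200000000aa")
HOST_B = bytes.fromhex("0200000000bb")
SAMPLE = [
    make_frame(ARP_REPLY, HOST_A, "192.0.2.10", LISTENER, "192.0.2.1"),
    make_frame(ARP_REPLY, HOST_B, "192.0.2.20", LISTENER, "192.0.2.1"),
    make_frame(ARP_REPLY, HOST_B, "192.0.2.21", LISTENER, "192.0.2.1"),
    make_frame(ARP_REQUEST, LISTENER, "192.0.2.1", bytes(6), "192.0.2.30"),
    make_frame(ARP_REPLY, HOST_A, "192.0.2.10", LISTENER, "192.0.2.1")[:30],
]

if __name__ == "__main__":
    for mac, ips in sorted(build_map(SAMPLE).items()):
        print(mac, ips)
```

The request and the truncated frame in the sample are skipped, so only the three well-formed replies end up in the inventory.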

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT