RE: Using ARP to map a network

From: Rob Shein (shoten@starpower.net)
Date: Wed Feb 05 2003 - 13:48:55 EST


The only way to truly passively map a network, the term "passive" meaning
you initiate nothing, is to be on the network, listening. And any machine
that does not send traffic onto your local wire (be it a VLAN, hub, your
port on the switch, or whatever) will not show up. This is why people still
use active (and much more detectable) means to map networks.

> -----Original Message-----
> From: Jason Lewis [mailto:jlewis@packetnexus.com]
> Sent: Tuesday, February 04, 2003 7:36 PM
> To: pen-test@securityfocus.com
> Subject: RE: Using ARP to map a network
>
>
> Maybe I am asking the wrong question.
>
> If my goal is to passively map a network, what is the best
> way to do that?
>
> > I'm not quite sure how ARP harvesting (via SNMP, presumably?) is
> > passive, but here goes:
> >
> > On the face of it, you should be able to do this. Problems could
> > occur if you run into firewalls, or in switched environments where
> > there are machines that infrequently communicate outwards (and rarely
> > broadcast). Unfortunately, both of these instances are much more
> > likely with respect to critical infrastructure (like database back-end
> > servers or the accounting department.) What is the goal of using this
> > means as opposed to some other method? SNMP queries to routers may be
> > just as obvious as ping sweeps or SYN scans in the eyes of an IDS, and
> > perhaps even more so if they have logging set high enough.
> >
> >> -----Original Message-----
> >> From: Jason Lewis [mailto:jlewis@packetnexus.com]
> >> Sent: Tuesday, February 04, 2003 6:37 PM
> >> To: pen-test@securityfocus.com
> >> Subject: Using ARP to map a network
> >>
> >>
> >> I have searched and can't seem to find any tools to help map a
> >> network based on ARP tables.
> >>
> >> It seems to me, I could take ARP tables from several machines and
> >> build a network map. If machines were behind a router the ARP tables
> >> would show multiple IPs with the same MAC. With enough ARP tables,
> >> wouldn't I be able to build a map?
> >>
> >> Is my theory flawed?
> >>
> >> My goal is to do passive network mapping based on any local
> >> information I can obtain from computers or network devices. Anyone
> >> have any ideas?
> >>
> >> jas
> >>
> >>
> >>
> >> ----------------------------------------------------------------------------
> >> This list is provided by the SecurityFocus Security Intelligence
> >> Alert (SIA) Service. For more information on SecurityFocus' SIA
> >> service which automatically alerts you to the latest security
> >> vulnerabilities please see:
> >> https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT
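
Added example, not part of the original thread: a sketch of the listen-only approach described in the reply, which parses ARP frames seen on the local wire and records which MAC claimed which IPv4 address. The frames, addresses and function names are constructed for illustration; the host 192.0.2.50 never transmits, so it never appears in the inventory.

```python
import struct
from collections import defaultdict

ETH_ARP = 0x0806  # EtherType for ARP

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None  # not Ethernet/IPv4 ARP, or not a request/reply
    return frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def build_inventory(frames):
    """Map each sender MAC to the set of IPv4 addresses it was seen claiming."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[1] != "0.0.0.0":  # ignore ARP probes with no sender IP
            seen[parsed[0]].add(parsed[1])
    return dict(seen)

def multi_ip_macs(inventory):
    """MACs seen with more than one IP (router, proxy ARP or multi-homed host)."""
    return {mac: sorted(ips) for mac, ips in inventory.items() if len(ips) > 1}

def make_arp(oper, sha, spa, tha, tpa):
    """Build a constructed 42-byte ARP frame (sample input for this example only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    dst = b"\xff" * 6 if oper == 1 else mac(tha)  # requests are broadcast
    header = struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, oper)
    return dst + mac(sha) + header + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed capture: one workstation, one gateway answering for two addresses,
# and one non-ARP frame. 192.0.2.50 exists on the segment but stays silent.
CAPTURE = [
    make_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    make_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    make_arp(1, "02:00:00:00:00:01", "192.0.2.254", "00:00:00:00:00:00", "192.0.2.10"),
    b"\x00" * 60,
]

if __name__ == "__main__":
    inventory = build_inventory(CAPTURE)
    for mac, ips in sorted(inventory.items()):
        print(mac, sorted(ips))
    print("multiple IPs per MAC:", multi_ip_macs(inventory))
```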