Re: IP secondary network visualization tool?



Or, if their routers are multicasting or broadcasting neighbor
announcements, use dynamips and set up your own virtual router and add
it to the routing domain to get routing table visibility... works with
all routing protocols (except BGP).

Although it doesn't provide subnet masks, Etherape will help you
visualize IP addresses you can see from your promiscuous NIC.



On Thu, Jan 21, 2010 at 3:53 AM, Paul Melson <pmelson@xxxxxxxxx> wrote:
On Wed, Jan 20, 2010 at 7:45 PM, Christopher A. Jarosz
<christopherjarosz@xxxxxxx> wrote:
Is there a tools like Cheops or ??? That I can use to discover these other
subnets?  I know when you plug in a laptop, you need to configure it with
one of the layer threes, but can you discover these without using a sniffer
and by using some tool, present a network topography?

There are lots of ways to get this kind of information.  Here are a
few off the top of my head:

1. Use nemesis to create RIP general request packets to download known
routers' route tables. (This probably requires a sniffer to capture
the response, but shouldn't require putting the interface in
promiscuous mode.)
2. Use SNMP to query known routers for route table info. (SolarWinds
has several tools that do this well.)
3. Use dig to perform internal DNS zone transfers looking for RFC1918 addresses.
4. Use traceroute to RCF1918 broadcast addresses to discover what
address spaces route internally and which route to the firewall.
5. Use nmap to ping sweep all of the possible RFC1918 class C subnets,
maybe optimize using only likely router addresses (i.e. .1-.3,
.252-.254).

Each has its own advantages and drawbacks depending on the network and
the tools you have available to you (e.g. you're working from a
compromised server instead of your own gear placed on the internal
network), but it seems like at least a couple of these will be worth a
shot.

PaulM

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Setting routes w/ set next hop verify-availability in IOS 12.2
    ... the reachability of one of two outbound routers. ... route for a particular host pointing to 10.100.20.5. ... Will the host then just use whatever route is in the MSFC2's routing ...
    (comp.dcom.sys.cisco)
  • Re: What is a default route??
    ... The default route is the next-hop used to send traffic with a destination ... is no specific route to a destination in the hosts routing table. ... alternate packets arrive at the destination server with a different ... Because you reply packets also get translated as they leave your routers. ...
    (comp.os.linux.misc)
  • Re: Email Encryption
    ... second is the examination for storage. ... exponentially more compute power than TCP/IP routing. ... purposes of delay is equivalent to, several additional routers. ... to contextually process), since time to contextually process is consistently ...
    (sci.crypt)
  • Re: problems pinging between FastEthernet and Ethernet interfaces
    ... I'm having some problems with a link between two Cisco routers. ... Ethernet interface. ... routing protocol will not matter. ... The best thing is to post the config of the relevant interfaces. ...
    (comp.dcom.sys.cisco)
  • Re: multiple routing tables review patch ready for simple testing.
    ... leaving this out will result in just a single routing table as per normal. ... now be refered to as FIBs (forwarding Information base?). ... the new command "setfib" sets teh default fib for a process and all its ... I have been working with big routers in my day job for years and it's ...
    (freebsd-net)