Re: IP secondary network visualization tool?



Or, if their routers are multicasting or broadcasting neighbor
announcements, use dynamips and set up your own virtual router and add
it to the routing domain to get routing table visibility... works with
all routing protocols (except BGP).

Although it doesn't provide subnet masks, Etherape will help you
visualize IP addresses you can see from your promiscuous NIC.



On Thu, Jan 21, 2010 at 3:53 AM, Paul Melson <pmelson@xxxxxxxxx> wrote:
On Wed, Jan 20, 2010 at 7:45 PM, Christopher A. Jarosz
<christopherjarosz@xxxxxxx> wrote:
Is there a tools like Cheops or ??? That I can use to discover these other
subnets?  I know when you plug in a laptop, you need to configure it with
one of the layer threes, but can you discover these without using a sniffer
and by using some tool, present a network topography?

There are lots of ways to get this kind of information.  Here are a
few off the top of my head:

1. Use nemesis to create RIP general request packets to download known
routers' route tables. (This probably requires a sniffer to capture
the response, but shouldn't require putting the interface in
promiscuous mode.)
2. Use SNMP to query known routers for route table info. (SolarWinds
has several tools that do this well.)
3. Use dig to perform internal DNS zone transfers looking for RFC1918 addresses.
4. Use traceroute to RCF1918 broadcast addresses to discover what
address spaces route internally and which route to the firewall.
5. Use nmap to ping sweep all of the possible RFC1918 class C subnets,
maybe optimize using only likely router addresses (i.e. .1-.3,
.252-.254).

Each has its own advantages and drawbacks depending on the network and
the tools you have available to you (e.g. you're working from a
compromised server instead of your own gear placed on the internal
network), but it seems like at least a couple of these will be worth a
shot.

PaulM

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------