Re: Nmap-based mapping/monitoring tool
From: Bob McLaren <BobMcLaren () fssi-ca com>
Date: Tue, 09 Mar 2004 08:57:17 -0800

Sounds like a fun project to me!

The only thing I would be concerned about is trying to monitor an enterprise-sized network using this approach. If you were going to monitor a small and specific range of addresses, you would probably be fine. However, if you intend to scan an entire Class A or even Class B network several times a day, you will end up generating a whole heck of a lot of traffic. Or worse yet, you could run into my problem (see my earlier post), in that my box seems to run out of buffer space whenever I try to scan too many hosts in a network at once.

Other than that, this project sounds very feasible, yet ambitious enough to get you a good grade. ;)


Jake Kallman wrote:

I am developing a network monitoring and mapping tool based around nmap,
which will provide a graphical representation of a network topology and
maintain a database of information about computers in that network.  In
essence, it will take the output of nmap, run at scheduled intervals, and
compare that data against data from previous runs to try and flag
potential security and infrastructure problems.

The idea, at a high level, is fairly simple, and in fact is a little more
complicated than it needs to be since I'm doing this as a project to
complete my undergraduate degree in CS.  I'm writing a driver program,
which will sit on a network server somewhere, and will run nmap at
scheduled intervals on all computers in the network (which I'm going to
try and optimize somewhat by allowing for multiple nmapping servers in the
network so as to distribute the work as much as possible).  There will
also be a client application which will allow a user to access this data
remotely (ideally I'm trying to create this client application to
allow users to log into the server from multiple platforms, like PDAs and
cell phones, which might not be currently available, but when I talked to
some network engineers in my area they said that it would be a great
feature). The client will access the data from the server program, and
create a graphical map of the network, showing any potential problem
areas. Ideally, I want to be able to flag network slowdowns and outages,
newly enabled/disabled ports on machines, newly connected machines (with
an eye toward being able to watch for unauthorized wireless connections)
and things of that nature.

My question is whether or not this seems like a usable idea?  If not, then
what seems unfeasible about the design?
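
The run-to-run comparison described in the quoted message, as an added example that is not part of the original thread: Python that diffs two nmap XML (`-oX`) outputs and reports new hosts, hosts that disappeared, and newly opened or closed ports. The scan data is constructed, and the names `open_ports` and `diff_scans` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample data in nmap's XML output format (-oX); not real scan results.
BASELINE = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open"/></port></ports></host>
</nmaprun>"""

LATEST = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.77" addrtype="ipv4"/>
<ports/></host>
</nmaprun>"""

def open_ports(xml_text):
    """Map each host that is up to its set of open (protocol, port) pairs."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None or host.find("status[@state='up']") is None:
            continue  # skip hosts that are down or have no IPv4 address
        hosts[addr.get("addr")] = {
            (p.get("protocol"), int(p.get("portid")))
            for p in host.iter("port")
            if p.find("state[@state='open']") is not None
        }
    return hosts

def diff_scans(old_xml, new_xml):
    """Return the changes between two runs that the post wants flagged."""
    old, new = open_ports(old_xml), open_ports(new_xml)
    changes = {"new_hosts": sorted(new.keys() - old.keys()),
               "missing_hosts": sorted(old.keys() - new.keys()),
               "opened": {}, "closed": {}}
    for ip in old.keys() & new.keys():
        if new[ip] - old[ip]:
            changes["opened"][ip] = sorted(new[ip] - old[ip])
        if old[ip] - new[ip]:
            changes["closed"][ip] = sorted(old[ip] - new[ip])
    return changes

if __name__ == "__main__":
    print(diff_scans(BASELINE, LATEST))
```

A host listed under `missing_hosts` may only have been unreachable during that run, so a monitoring tool would normally wait for several consecutive misses before raising it.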

