|
Penetration Testing
mailing list archives
Re: Find out the subnetting of a company
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 23 Jul 2004 09:33:06 +0200
On Tue, Jul 20, 2004 at 12:53:43PM -0400, David M. Zendzian wrote:
Isn't there some icmp or ip based packet that can be sent to most
devices querying the subnet theyare in?
I recommend The Hackers Choice THC-RUT. I use it to quickly scan large
networks through ARP/ICMP/IP requests and it works great. It runs on
Linux, BSD and Solaris.
http://www.thc.org/thc-rut/
RUT (aRe yoU There, pronouced as 'root') is your first knife on
foreign network. It gathers informations from local and remote
networks.
It offers a wide range of network discovery utilities like arp lookup
on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP
address mask request, OS fingerprinting, high-speed host discovery,
...
THC-RUT comes with a OS host Fingerprinter which determines the
remote OS by open/closed port characteristics, banner matching and
nmap fingerprinting techniques (T1, tcpoptions).
The fingerprinter has been developerd to quickly (10mins) categorize
hosts on a Class B network. Information sources are (amoung others)
SNMP replies, telnetd (NVT) negotiation options, generic Banner
Matching, HTTP-Server version, DCE request and tcp options. It is
compatible to the nmap-os-fingerprints database and comes in addition
to this with his own perl regex capable fingerprinting database
(thcrut-os-fingerprints).
The latest version is
http://www.thc.org/download.php?t=r&f=thcrut-1.2.5.tar.gz
Martin Mačok
IT Security Consultant
 By Date 
By Thread
Current thread:
- RE: Find out the subnetting of a company, (continued)
|
Intro
