Home page logo

pen-test logo Penetration Testing mailing list archives

Re: IP secondary network visualization tool?
From: Paul Melson <pmelson () gmail com>
Date: Thu, 21 Jan 2010 06:53:06 -0500

On Wed, Jan 20, 2010 at 7:45 PM, Christopher A. Jarosz
<christopherjarosz () att net> wrote:
Is there a tools like Cheops or ??? That I can use to discover these other
subnets?  I know when you plug in a laptop, you need to configure it with
one of the layer threes, but can you discover these without using a sniffer
and by using some tool, present a network topography?

There are lots of ways to get this kind of information.  Here are a
few off the top of my head:

1. Use nemesis to create RIP general request packets to download known
routers' route tables. (This probably requires a sniffer to capture
the response, but shouldn't require putting the interface in
promiscuous mode.)
2. Use SNMP to query known routers for route table info. (SolarWinds
has several tools that do this well.)
3. Use dig to perform internal DNS zone transfers looking for RFC1918 addresses.
4. Use traceroute to RCF1918 broadcast addresses to discover what
address spaces route internally and which route to the firewall.
5. Use nmap to ping sweep all of the possible RFC1918 class C subnets,
maybe optimize using only likely router addresses (i.e. .1-.3,

Each has its own advantages and drawbacks depending on the network and
the tools you have available to you (e.g. you're working from a
compromised server instead of your own gear placed on the internal
network), but it seems like at least a couple of these will be worth a


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]