Security Basics mailing list archives

Re: Discovering network topology

From: nikhil () niiconsulting com
Date: 15 Feb 2007 16:10:01 -0000

Hello Jeremy,

Discovering a network totally depends on the factor from where you are discovering it i.e. within the network (inside)
or outside the network. Off-course discovering network from within the network is far more accurate as compared to the
external ones.

If you are absolutely sure that all the computers within the network are utilizing Microsoft Windows OS, then a tool
called MBSA with Visio connector from Microsoft, could help you out in discovering the network topology (provided you
have Microsoft Visio installed on your system). However third party tools like GFI Languard, Superscan or any network
security scanner, can also help easily to discover the network. Off-course Nmap has always been an indispensable tool
for network discovery.

Now-a-days scanners and discovery tools are so sophisticated and accurate that we can rely on the outputs of these
tools without much hesitation. This is because the rate of false-positive outputs from these tools has been reduced
drastically. However for our satisfactions, we could just verify by ourselves that the outputs are correct and are not
false positives, by manually doing telnet to the IP Address and port.

Besides traceroute (Windows tracert), Windows XP and above OS supports a built-in command called pathping which is
basically an integration of two commands: tracert and ping. The advantages of pathping over ping and tracert are that
each node is pinged as the result of a single command, and that the behaviour of nodes is studied over an extended time
period, rather than the Ping's default sample of four messages or tracert's default single route trace.

Reference:
MBSA with Visio Connector: http://www.microsoft.com/technet/security/tools/mbsavisio.mspx

GFI Languard: http://www.gfi.com/lannetscan/

SuperScan:
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm

Nikhil Wagholikar
Security Analyst

NII Consulting
Web: www.niiconsulting.com

Current thread:

Discovering network topology Jeremy (Feb 15)
- Re: Discovering network topology crazy frog crazy frog (Feb 15)
- RE: Discovering network topology David Rosenhan (Feb 15)
  - RE: Discovering network topology David Gillett (Feb 16)
    - RE: Discovering network topology Ramki B (Feb 26)
- Re: Discovering network topology Kurt Buff (Feb 15)
  - RE: Discovering network topology Steve Fletcher (Feb 16)
    - Re: Discovering network topology Kurt Buff (Feb 26)
- <Possible follow-ups>
- Re: Discovering network topology nikhil (Feb 15)
- RE: Discovering network topology Nhon Yeung (Feb 15)