
| Subject: | RE: generating a network map |
|---|---|
| Date: | Sun, 19 Jun 2005 11:51:28 -0400 |

Comments in-line below...

-----Original Message-----
From: Talha [mailto:tt83x@yahoo.com]
Sent: June 18, 2005 1:31 AM
To: pen-test@securityfocus.com
Subject: generating a network map

Hello there, I am looking for software that can generate or reconstruct a network topology from raw data obtained from live network capturing or offline tcpdump capture files.

Sounds to me like you want to build a passive network map, and avoid doing active network discovery that might be picked off by your client's security team (this is the pen-test list, after all).

Also if there's any utility (preferably open source) that can generate a network map from nmap logs.

Wait, you just mentioned nmap logs. That's active scanning. If you aren't worried about tipping off anyone by using an active method, there are several options (some of which have already been mentioned). Here's a few ideas, with links:

Ipswitch WhatsUp Pro (topology from active network discovery)
http://www.ipswitch.com/Products/WhatsUp/professional/
NOTE: 30-day trial available

Cheops (topology from active discovery)
http://www.marko.net/cheops/
NOTE: multiple issues identified by other posters

Etherape (topology from passive monitoring)
http://etherape.sourceforge.net/
NOTE: Good choice, but requires direct access to monitor network. (Good luck getting a clandestine TAP and Etherape box onto the network...)

If you don't mind building your topology yourself, using the data you collected via pcap, then here's a suggested methodology. It assumes that you've collected a substantial amount of pcap from hosts internal to the network.

Replay all the pcap files through p0f (get it at http://lcamtuf.coredump.cx/p0f.shtml) to generate a list of probable OS installs at the recorded IP addresses. Given that you'll now have an OS to IP map of the network, you in essence have a non-visual network topology. If pictures are important, you could manually construct the network diagram or write a PERL script to do it for you (as per the suggestion from Nathan Einwechter). Sounds almost like a new spin on Cheops...

any help will be highly appreciated

I hope this does.

Alex Arndt
CISSP, GCIA, GCIH
"Within all order is the potential for chaos..."
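
Added example, not part of the original message: one way to script the last step of the methodology above, turning a p0f log into an OS-to-IP map and a Graphviz DOT diagram. It is written in Python rather than Perl and assumes the pipe-delimited log-file layout of p0f version 3 (older p0f 2.x output is laid out differently); the sample log lines and all function names are constructed for illustration.

```python
import re

# Constructed sample in the p0f v3 log-file layout (assumption; raw_sig values are placeholders).
SAMPLE_LOG = """\
[2005/06/19 11:40:01] mod=syn|cli=10.0.0.5/1044|srv=10.0.0.20/80|subj=cli|os=Windows XP|dist=0|params=none|raw_sig=placeholder
[2005/06/19 11:40:01] mod=syn+ack|cli=10.0.0.5/1044|srv=10.0.0.20/80|subj=srv|os=Linux 2.6.x|dist=0|params=none|raw_sig=placeholder
[2005/06/19 11:40:07] mod=mtu|cli=10.0.0.5/1044|srv=10.0.0.20/80|subj=cli|link=Ethernet or modem|raw_mtu=1500
[2005/06/19 11:41:12] mod=syn|cli=10.0.1.9/3302|srv=10.0.0.20/22|subj=cli|os=???|dist=1|params=none|raw_sig=placeholder
[2005/06/19 11:41:30] mod=syn|cli=10.0.1.9/3310|srv=10.0.0.20/80|subj=cli|os=FreeBSD 5.x|dist=1|params=none|raw_sig=placeholder
"""

def parse_line(line):
    """Split one '[timestamp] key=value|key=value...' record into a dict, or None if malformed."""
    m = re.match(r"\[[^\]]+\]\s+(?P<body>.+)$", line.strip())
    if not m:
        return None
    rec = dict(f.split("=", 1) for f in m.group("body").split("|") if "=" in f)
    return rec if {"cli", "srv", "subj"} <= rec.keys() else None

def build_map(log_text):
    """Return (hosts, edges): per-IP OS guess and distance, plus observed client->server flows."""
    hosts, edges = {}, set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cli_ip = rec["cli"].rsplit("/", 1)[0]
        srv_ip, srv_port = rec["srv"].rsplit("/", 1)
        edges.add((cli_ip, srv_ip, int(srv_port)))
        for ip in (cli_ip, srv_ip):
            hosts.setdefault(ip, {"os": None, "dist": None})
        subject = cli_ip if rec["subj"] == "cli" else srv_ip  # host this record describes
        if rec.get("os") and rec["os"] != "???":  # never overwrite a guess with "unknown"
            hosts[subject]["os"] = rec["os"]
        if rec.get("dist", "").isdigit():
            hosts[subject]["dist"] = int(rec["dist"])
    return hosts, edges

def to_dot(hosts, edges):
    """Render the map as Graphviz DOT text (feed it to `dot -Tpng` for a picture)."""
    out = ["digraph passive_map {"]
    for ip in sorted(hosts):
        os_name = hosts[ip]["os"] or "unknown OS"
        out.append(f'  "{ip}" [label="{ip}\\n{os_name}"];')
    for cli, srv, port in sorted(edges):
        out.append(f'  "{cli}" -> "{srv}" [label="tcp/{port}"];')
    return "\n".join(out + ["}"])

if __name__ == "__main__":
    print(to_dot(*build_map(SAMPLE_LOG)))
```

The `dist` value kept per host is p0f's estimate of how many hops separate that host from the capture point, which helps when grouping hosts into segments by hand.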