From: Osvaldo J. Filho (osvaldojaneri@uol.com.br)
Date: Tue Feb 04 2003 - 18:53:12 EST
Hello Jason,
You can use arpwatch ( ftp://ftp.ee.lbl.gov/arpwatch.tar.gz) to monitor your
network for ARP changes. It will build a database named arp.dat with all IPs
and their MAC Address. You can use arping too, to check if the mac address
are still on, for example.
--- Osvaldo J. Filho - Security Analyst Unix, Network Devices and viruses specialist. ActiveSec Information Security - http://www.activesec.com --- ----- Original Message ----- From: "Jason Lewis" <jlewis@packetnexus.com> To: <pen-test@securityfocus.com> Sent: Tuesday, February 04, 2003 8:36 PM Subject: Using ARP to map a network > I have searched and can't seem to find any tools to help map a network > based on ARP tables. > > It seems to me, I could take ARP tables from several machines and build a > network map. If machines were behind a router the ARP tables would show > multiple IP's with the same MAC. With enough ARP tables, wouldn't I be > able to build a map? > > Is my theory flawed? > > My goal is to do passive network mapping based on any local information I > can obtain from computers or network devices. Anyone have any ideas? > > jas > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT