Penetration Testing mailing list archives
Re: [PEN-TEST] subnet discovery
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Mon, 19 Mar 2001 18:31:21 +0200
Hacking hping is one option. Using an existing tool is far easier.
My fav is SING, from sourceforge, or ports/net/sing for the FreeBSD'ers.

excerpt:

    MyMachine# sing -c 1 -mask SolarisMachine
    SINGing to SolarisMachine (10.0.0.1): 12 data bytes
    12 bytes from 10.0.0.1: seq=0 DF! ttl=255 TOS=0 mask=255.255.255.0
    --- 10.0.0.1 sing statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss

According to Arkin's paper (sys-security.com), the only ones that answer ICMP_TIMESTAMP are Solaris, win95/8/ME, winNT-pre SP3, and some routing equipment.

Note that Cisco Catalyst 5505 with OSS v4.5 answers both direct requests and broadcast requests.

Regards,
Yonatan Bokovza.

-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes () DELOITTE CO ZA]
Sent: Monday, March 19, 2001 1:27 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] subnet discovery

There exists an ICMP netmask message, which might also work.

Have a look at hping2. http://www.kyuzz.org/antirez/hping.html

Actually, looking at the source, it doesn't support ICMP_ADDRESS requests. Maybe you can hack it. Also have a look at hping3, linked from the same site, although there doesn't seem to be much code yet.

Linux also doesn't support ICMP_ADDRESS, it seems, from "man icmp", so Linux 2.2+ machines probably won't answer this type of ICMP message.

Rogan

-----Original Message-----
From: Jason Ellison [mailto:infotek () DATASYNC COM]
Sent: 18 March 2001 10:15
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] subnet discovery

Has anyone seen a tool that does ping sweeps and detects DUP packets, outputting results into a nice parsable format?
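An added example, not part of the original thread and not SING's code: a Python parser that recognizes ICMP address mask requests and replies (types 17 and 18, RFC 950) in raw IPv4 packets, so captured traffic can be checked for this kind of probe and for hosts that answer it. The sample packet is constructed to mirror the reply in the excerpt above; the destination 10.0.0.2, the identifier 0x1234 and all function names are assumptions.

```python
import ipaddress
import struct

MASK_REQUEST, MASK_REPLY = 17, 18  # ICMP types from RFC 950

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_mask_message(packet: bytes):
    """Describe an ICMP address mask request/reply in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:  # IPv4, proto ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:total_len]  # drops link-layer padding after the datagram
    if ihl < 20 or len(icmp) < 12:  # mask messages are 12 bytes: 8 header + 4 mask
        return None
    icmp_type, _code, _csum, _ident, seq, mask = struct.unpack("!BBHHHI", icmp[:12])
    if icmp_type not in (MASK_REQUEST, MASK_REPLY):
        return None
    return {
        "kind": "reply" if icmp_type == MASK_REPLY else "request",
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "ttl": packet[8], "seq": seq,
        "mask": str(ipaddress.IPv4Address(mask)),
        "checksum_ok": inet_checksum(icmp) == 0,
    }

def build_sample(icmp_type, src, dst, mask, ttl=255):
    """Constructed sample packet (not captured traffic); IP header checksum left 0."""
    body = struct.pack("!BBHHHI", icmp_type, 0, 0, 0x1234, 0, int(ipaddress.IPv4Address(mask)))
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0x4000, ttl, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + body

if __name__ == "__main__":
    # Mirrors the reply in the excerpt: 10.0.0.1, ttl=255, mask=255.255.255.0.
    print(parse_mask_message(build_sample(MASK_REPLY, "10.0.0.1", "10.0.0.2", "255.255.255.0")))
```

A reply leaving a host you own means that host discloses its netmask to whoever asks; a request arriving from outside is a reasonable thing to log or drop at the border.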