[quagga-users 11305] Re: very newbish question regarding network discovery

Kurt Buff kurt.buff at gmail.com
Sun Jan 10 21:37:51 GMT 2010


On Sun, Jan 10, 2010 at 12:36, Christopher Barry
<christopher.barry at rackwareinc.com> wrote:
> On Sun, 2010-01-10 at 12:07 -0800, Kurt Buff wrote:
>> On Sun, Jan 10, 2010 at 11:42, Christopher Barry
>> <christopher.barry at rackwareinc.com> wrote:
> Kurt,
>
> Thanks for replying so fast :)
>
> Stepping through your responses:

<snip>

>> 3) Start sending all ones broadcasts on each NIC and see what replies
>> you get
>
> I am unfamiliar with what you are talking about here - can you elaborate
> on this technique? Is this a flood ping? My algorithm above does use
> ping now, but again, my goal is to do link layer subnet discovery
> ideally.

Not a flood ping - that's unnecessary. Just send a few pings to
255.255.255.255 and see if anything comes back. I don't expect much
from this, really, but it might be worth trying.

>> 4) start blasting MAC addresses to each connection in the hopes of
>> flooding the tables on the connected devices and start looking at the
>> traffic that comes through on each NIC
>
> in the form of bogus gratuitous arps? I'm not sure I understand this
> suggestion either.

Yes, that would work. In the Windows world, Cain and Abel, in the *nix
world there are other tools. This is a somewhat destructive technique,
however, so I can't really say that it's appropriate.

> The ideal situation is: I bring up the image, bring up the interfaces,
> but leave them unconfigured with IP addresses, and some whiz-bang
> protocol queries each interface at the link-level, and figures out which
> subnets are directly connected to each.

<snip>

On my freebsd box, in ports, I see the following:

     grimsqueaker/usr/ports/net
     $ cat arp-scan/pkg-descr
     arp-scan is a command-line tool that uses the ARP
     protocol to discover and fingerprint IP hosts on
     the local network. It is available for Linux and
     BSD under the GPL licence.
     WWW:	http://www.nta-monitor.com/tools/arp-scan/

     [2010-01-10 13:29]
     grimsqueaker/usr/ports/net
     $ cat arp-sk/pkg-descr
     arp-sk is a tool designed to manipulate ARP tables of all kinds of equipment.
     This can be easily performed through the sending of the appropriate packet(s).

     [2010-01-10 13:29]
     grimsqueaker/usr/ports/net
     $ cat arpdig/pkg-descr
     Arpdig is a tool to probe a whole IP address segment or a list of
     IP addresses on the LAN via ARP whohas requests, collecting ARP is-at
     responses and showing the results.
     Dmitry Morozovsky <marck at FreeBSD.org>

One of these might prove more useful.

Kurt
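
Added example, not part of the original message and not code from arp-scan, arp-sk or arpdig: a Python sketch of the ARP who-has / is-at frames those tools work with, plus an estimate of the directly connected subnet from the sender addresses seen on one interface. The helper names (`build_arp`, `parse_arp`, `infer_subnet`) and the sample capture are constructed for illustration, and nothing is sent on the wire.

```python
import ipaddress
import struct

ETH_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
BCAST = b"\xff" * 6

def build_arp(op, sha, spa, tha, tpa, dst=BCAST):
    """Ethernet frame carrying an ARP message: op 1 = who-has, op 2 = is-at."""
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha,
                       ipaddress.IPv4Address(spa).packed, tha,
                       ipaddress.IPv4Address(tpa).packed)
    return dst + sha + struct.pack("!H", ETH_ARP) + body

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETH_ARP):
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def infer_subnet(frames):
    """Smallest prefix covering every ARP sender seen. A lower bound on the
    real subnet: with few hosts observed it can be narrower than the mask."""
    seen = []
    for f in frames:
        p = parse_arp(f)
        if p and int(p[2]) != 0:      # skip ARP probes sent from 0.0.0.0
            seen.append(int(p[2]))
    if not seen:
        return None
    diff = 0
    for a in seen:
        diff |= a ^ seen[0]           # bits in which any two senders differ
    plen = 32 - diff.bit_length()
    base = seen[0] >> (32 - plen) << (32 - plen)
    return ipaddress.IPv4Network((base, plen))

# Constructed capture from one interface (MACs and addresses are made up).
ME, ZERO = bytes.fromhex("020000000001"), b"\x00" * 6
CAPTURE = [
    build_arp(1, ME, "0.0.0.0", ZERO, "192.168.10.1"),   # probe, no IP configured
    build_arp(2, bytes.fromhex("0200000000aa"), "192.168.10.1", ME, "0.0.0.0", ME),
    build_arp(1, bytes.fromhex("0200000000bb"), "192.168.10.37", ZERO, "192.168.10.200"),
    build_arp(1, bytes.fromhex("0200000000cc"), "192.168.10.200", ZERO, "192.168.10.1"),
    BCAST + ME + b"\x08\x00" + b"\x00" * 40,             # IPv4 frame, not ARP
]
```

`infer_subnet(CAPTURE)` gives 192.168.10.0/24 for this capture; with only the first two frames it gives 192.168.10.1/32, which is why the result is a starting point for further probing and not a mask to configure blindly.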

