Date: Mon, 23 Mar 2009 22:41:48 -0400 From: Steve Bertrand <steve@ibctech.ca> To: John Almberg <jalmberg@identry.com> Cc: freebsd-questions@freebsd.org Subject: Re: utility that scans lan for client? Message-ID: <49C8486C.7020300@ibctech.ca> In-Reply-To: <E4A3989A-982F-4B9D-971D-25C49A932EB7@identry.com> References: <E4A3989A-982F-4B9D-971D-25C49A932EB7@identry.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John Almberg wrote: > I've tried googling for this, but I guess I don't know the name of a > utility such as this... > > What I'm looking for is a utility that can scan a LAN for attached > clients... i.e., computers that are attached to the LAN. > > I have one box (an appliance that I have no access to), that is on the > LAN but I don't know what IP address it's using. I'd like to complete my > network map, and that is the one empty box on my chart. > > Yes, I am obsessive :-) ...and it is ok to be such. I suspect that you don't have a switch that can port 'mirror' or 'span'. If you do, let us know. Otherwise, if you *really* want to find out what is on your switched Ethernet network, and nmap/arp etc. isn't enough, then I'd recommend an application called 'ettercap'. It runs on the CLI, and a colleague also has a nice GUI for it (under Linux) as well. This will allow you to infiltrate the network at Layer-2 by arp poisoning all connected devices, and intercepting all traffic. Essentially, you perform a MitM, and you become the host (or in a small environment the default gw) that the device is trying to talk to. This way, you can find out not only what the host is, but what it is saying. Please understand that this approach has significant side effects. You can do extensive harm to your local network by using this approach, so read up on it, and be careful. Know what you are doing, and know the ramifications of simply disconnecting yourself from the network prior to stopping the procedure. Not only that, but if you don't own control of the switched environment, this is a very good way to get yourself blocked completely from it. This tactic, and port mirror/span/monitor are the easiest ways to know what is really going on with regards to the wire (if you don't have ACL's and other mitigation/protection strategies already in place). Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49C8486C.7020300>