In article <ccudav$dia$1@news-reader5.wanadoo.fr>,
Stéph06 <toto@toto.fr> wrote:
oes anyone know if there is any document/book talking about how to achieve
:a LAN audit. Any url ?
:I heard about NMAP, any other free tool that will help me ?
arpwatch can be useful. nmap can be very useful if you know the
IP address range... and if people haven't firewall'd you out.
Is the LAN on a hub, or is it fully switched? Do you have a place
you could insert a network tap (and can you afford a network tap and
the time to figure out what all the data means)? Does your router
support SPAN (or RSPAN)? Do your router and/or switches support SNMP
with the standard BRIDGE MIB ?
If you are in a fully switched network, then a full LAN audit is not
at all easy. snmp probing can -help- but ARP caches tend to time out after
about 3 minutes and then it can be hard to figure out where a system is.
And not all systems are going to have IP addresses, or they might
have given themselves 169.254.*.* addresses...
For a full network audit, you need to be able to tap/mirror/span traffic
off of the switches, record it, and analyze it with a program such as
tcpdump or ethereal or one of the commercial analysis programs. And you
have to hope that the devices are turned on and active during the time
you are monitoring...
--
"[...] it's all part of one's right to be publicly stupid." -- Dave Smey
