Date: Tue, 24 Mar 2009 10:11:14 -0400 From: John Almberg <jalmberg@identry.com> To: Steve Bertrand <steve@ibctech.ca> Cc: freebsd-questions@freebsd.org Subject: Re: utility that scans lan for client? Message-ID: <2CAFBDC3-B4EB-4C33-8522-FBBAD71C92CB@identry.com> In-Reply-To: <49C8486C.7020300@ibctech.ca> References: <E4A3989A-982F-4B9D-971D-25C49A932EB7@identry.com> <49C8486C.7020300@ibctech.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> I suspect that you don't have a switch that can port 'mirror' or > 'span'. > If you do, let us know. > > Otherwise, if you *really* want to find out what is on your switched > Ethernet network, and nmap/arp etc. isn't enough, then I'd > recommend an > application called 'ettercap'. It runs on the CLI, and a colleague > also > has a nice GUI for it (under Linux) as well. > > This will allow you to infiltrate the network at Layer-2 by arp > poisoning all connected devices, and intercepting all traffic. > > Essentially, you perform a MitM, and you become the host (or in a > small > environment the default gw) that the device is trying to talk to. > > This way, you can find out not only what the host is, but what it > is saying. > > Please understand that this approach has significant side effects. You > can do extensive harm to your local network by using this approach, so > read up on it, and be careful. Know what you are doing, and know the > ramifications of simply disconnecting yourself from the network > prior to > stopping the procedure. Not only that, but if you don't own control of > the switched environment, this is a very good way to get yourself > blocked completely from it. > > This tactic, and port mirror/span/monitor are the easiest ways to know > what is really going on with regards to the wire (if you don't have > ACL's and other mitigation/protection strategies already in place). Thanks. This is probably overkill for this little LAN. There are only 8 machines on it, mainly servers and a big printer and this Vonage device. The clients are mainly wireless devices that come and go, depending on who is in the building. The network is just one Cisco router and an Apple Airport Extreme for wireless (the best wireless access point I've ever used.) The wireless network just extends the wired LAN, so all wired and wireless devices are in the same address space. We actually have a couple cheap Airport Express boxes spread around the building, but they are essentially repeaters for the Airport Extreme, to extend the range. All the machines are either FreeBSD servers or Apple laptops (with the occasional rogue Windows laptop that sneaks in :-) The whole network is simple and cheap, with a minimum of wires, but it works. It just bugged me that I didn't know the IP address of the Vonage box. - John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2CAFBDC3-B4EB-4C33-8522-FBBAD71C92CB>