Home arrow Security arrow LAN Reconnaissance

LAN Reconnaissance

If you're trying to keep your LAN secure, sometimes it helps to think like a cracker. This article shows you how to scout out a LAN, and how malicious hackers get around security. It is excerpted from chapter four of Security Power Tools, written by Bryan Burns et. al. (O'Reilly, 2007; ISBN: 0596009631). Copyright © 2007 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

  1. LAN Reconnaissance
  2. 4.1 Mapping the LAN
  3. 4.2 Using ettercap and arpspoof on a Switched Network
  4. 4.3 Dealing with Static ARP Tables
  5. 4.4 Getting Information from the LAN
  6. 4.5 Manipulating Packet Data
By: O'Reilly Media
Rating: starstarstarstarstar / 5
November 13, 2008

print this article



This chapter covers LAN reconnaissance; specifically, it covers capturing packets and scoping out the LAN environment using ettercap-ng, p0f, and dsniff. When investigating a LAN, your goals can sometimes be at odds with each other. Are you trying to be quick? Is stealth a factor? Sometimes going for speed can compromise your intentions (whatever they may be). The nature of the LAN itself poses some questions as well. What physical access to the LAN do you have? Is the LAN switched? What kind of monitoring is present? What are the repercussions of being discovered?

Topics that are discussed in this chapter include:

  1. Scanning for hosts on a network segment
  2. Capturing packets on a switched network
  3. Defeating some common obstacles
  4. Identifying hosts and sniffing passwords
  5. Making changes to packet data

Before we begin, let’s talk briefly about the tools we’ll be using.

ettercap is written by Alberto Ornaghi and Marco Valleri. ettercap strives to be the most capable packet sniffer for use in a switched environment. The differences between the older ettercap program and the newer ettercap-ng are numerous, but in a nutshell, some of the biggest changes are unified sniffing and layer 3 routing. The ettercap-ng project homepage can be found at http://ettercap.sourceforge.net. Along with downloads for source and binaries, the site includes documentation and the community forum.

The dsniff suite was written by Dug Song. dsniff is a collection of tools for network auditing and penetration testing and consists of arpspoof, dnsspoof, dsniff, filesnarf, macof, mailsnarf, msgsnarf, sshmitm, urlsnarf, webmitm, and webspy. dsniff is available at http://www.monkey.org/~dugsong/dsniff/.

Finally, p0f was written by Michal Zalewski. p0f version 2 is a versatile, passive OS fingerprinting tool. p0f is available at http://lcamtuf.coredump.cx/p0f.shtml along with documentation and additional information on network reconnaissance.

>>> More Security Articles          >>> More By O'Reilly Media

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: