[EMAIL PROTECTED] wrote:
[SNIP...]

> The automated tool sets do little to organize the diagram of the
> network it "auto-discovers" other than just show you what's connected
> to a specific ethernet "segment".  They won't show you what's a
> server of what, what's a client of what, etc.  Usually, the
> network/system administrator already knows that, and is just trying
> to save some time from having to draw things themselves.

It depends on the tool set. Something like NPulse scans the network,
and continuously monitors all of the ports on all of the machines that
it finds. So, in a way, it does tell you what is serving what. Also,
most sniffers will tell you which direction traffic is going, and what
is serving what. EtherApe has a nice GUI representation of traffic
flow, as does Cheops.
  
> What you might want to do is this:
> 
>   1. use something like fping to ping a subnet and find live IP
>            addresses.

If you know the IP address of the system you are on, you can scan the
subnet that it is on. Most switches, however, won't allow a broadcast,
directed or not, to cross.

>   2. use nessus or something like that to then scan the live
>            IP addresses for open ports.

DON'T USE NESSUS!! Nessus is for security auditing and vulnerability
assessment. Use nmap. Nmap is command-line friendly, faster, and is
more targeted to the job at hand. Nessus is extreme over-kill. Not to
mention the fact that it might just take down your router, or any
Windows boxen that get in its way ;-)
 
>   3. For each IP with open ports, draw a picture or make some
>            notation that will list each open port on that IP address.
> 
> Now you have a complete list of active IPs on a subnet with a list of
> open ports on each active system.  From this you should be able to
> determine which ones are servers and which ones are clients.

You could also do a comparison of response times to estimate relative
physical position of the system in relation to the system the program
is running on. This, of course, would be highly unreliable, but it
could be done.
 
> Obviously certain IP addresses are likely to be gateways or IP
> addresses of routers or managed hubs/switches, in which case there
> won't, or shouldn't, be any open ports.  You could then probe each
> one using snmp to determine the manufacturer and model name of the
> equipment.

This requires the router/gateway to be running snmp. Given the recent
talk of the evils of snmp, this could be a problem.

C-Ya,
Kenny
-- 
---------------------------------------------------
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0D2BA57
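
The inventory step discussed in this thread (live hosts, then open ports per host, then a server/client guess), as an added example that is not part of the original message: it parses nmap's grepable (`-oG`) output and lists open ports per address. The sample scan text, the function names and the role labels are assumptions made for illustration.

```python
import re

# Constructed sample in nmap grepable (-oG) format; 192.0.2.0/24 is a documentation range.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 22/closed/tcp//ssh///, 80/filtered/tcp//http///
Host: 192.0.2.10 (www)\tStatus: Up
Host: 192.0.2.10 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.0.2.25 ()\tStatus: Up
Host: 192.0.2.25 ()\tPorts: 25/open/tcp//smtp///, 111/open/udp//rpcbind///
Host: 192.0.2.77 ()\tStatus: Up
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"name": str, "open": [(port, proto, service), ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or blank line
        ip, name = m.groups()
        entry = hosts.setdefault(ip, {"name": name, "open": []})
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports:"):
                continue  # Status: / Ignored State: fields
            for item in field[len("Ports:"):].split(","):
                parts = item.strip().split("/")
                # Layout: port/state/protocol/owner/service/rpcinfo/version/
                if len(parts) >= 5 and parts[0].isdigit() and parts[1] == "open":
                    entry["open"].append((int(parts[0]), parts[2], parts[4]))
    return hosts


def classify(hosts):
    """Open ports -> likely server; live with none -> client or network gear."""
    return {ip: ("server" if h["open"] else "client-or-network-gear")
            for ip, h in hosts.items()}


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_OG)
    roles = classify(inventory)
    for ip in sorted(inventory, key=lambda a: tuple(map(int, a.split(".")))):
        ports = ", ".join(f"{p}/{proto} {svc}" for p, proto, svc in inventory[ip]["open"])
        print(f"{ip:<12} {roles[ip]:<24} {ports or '-'}")
```

Closed and filtered ports are ignored, so a host that answered the ping but exposes nothing ends up in the client-or-network-gear bucket, matching the guess made in the quoted text about gateways and switches.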
