Dear Joel,

Throwing some light on the nature of the network would be more beneficial. Like you say, rogue machines: if these are on the network, then there has to be a reason that they need to be on the network. For instance, someone just connects his PC and assigns it his own IP address; that's not going to help him much. Though he can use his PC, he will not be able to access a lot of information on the network. What's worse, he might not be able to access the internet unless he has assigned a proper IP address and the default gateway.

If you feel that all the users are accessing the internet, then check the logs on the gateway. Check what networks this gateway is configured to access, then sniff for packets for those subnets; that will tell you a lot.

Apart from that, the sniffer works by capturing packets. Don't look at IP addresses; look at the MAC addresses, then do a reverse ARP lookup to see what IP addresses they are pointing back to. Check the logs on the WINS server and the DNS servers. Check the cache on the DNS if it is configured for caching.

-----Original Message-----
From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 12:14 PM
To: NT 2000 Discussions
Subject: RE: Network discovery

I AM going to do it, but the problem is that the guy wants me to be able at ANYTIME to see if anyone changed their IP definitions and are working on a different IP subnet (sometimes playing some games)

See my problem? If I could make a broadcast, and receive some information about all systems on the network (they could answer also through a broadcast like in the DHCP process), it would make my day!!

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]
Mobile: +351 967819600

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bartolini
Sent: terça-feira, 23 de Abril de 2002 4:18
To: NT 2000 Discussions
Subject: Re: Network discovery

I know that feeling. I did 1200 boxes in 4-days with 4 guys. That was a metro(MAN) that involved some driving... as well as...keeping up with the daily TECH work! It left us DEAD-tired but we had a feeling of satisfaction and complete data on ALL the boxes.

Sometimes you just have to get up and.... GO GET IT... in order to be sure!

David

----- Original Message -----
From: "Leonard Lee" <[EMAIL PROTECTED]>
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 10:53 PM
Subject: RE: Network discovery

> ...and even with a switch...how about those systems that are turned off, not on the network, or have badly configured network settings....won't catch those.
>
> Do a physical inventory. 100 PC's in a factory...part-time 2 days a week...so what. I did a physical inventory of 800 PC in a factory in less than 3 days (a team of 3 guys)....so, with 100 PC...not a big job at all.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Anthony L.
> > Sollars
> > Sent: April 22, 2002 7:52 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > There really isn't anything you can do about this man, the only way you can make this work would be to have switches in your network and/or get the MAC address info from the GW router, which you said isn't possible.
> >
> > I have an idea, call up a vendor and work out a deal on a nice manageable switch with a full set of SNMP features. Get them to agree to a short trial period to see if the equipment works as promised. Use the equipment long enough to record the address info you need then ship it back. I happen to know Dell has a 30 day money back guarantee, and if you have net-30 terms this can be very easy to do. We just did this with a 4 LTO drive tape library.
> >
> > Well hope it all works out.
> >
> > -TOny
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 1:54 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Yeah, but don't forget the 'rogue' machines I'm trying to find out probably don't have a default gateway configured.
> >
> > My current IP address is 192.168.69.111
> >
> > I have a machine connected to the same hub as I am, with the IP 10.10.10.10 and no default gateway
> >
> > There's no way I can make LANGuard see that machine unless:
> >
> > 1- I have an IP of the same subnet
> > 2- I correctly configure TCP/IP on that machine.
> >
> > This totally defeats my purpose! I was thinking it was possible to send a broadcast and receiving information about all machines connected to the network, even if they had a different subnet and no gateway!
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of King, John
> > Sent: segunda-feira, 22 de Abril de 2002 21:14
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > I am not sure how Etherpeek works, but with a basic sniffer you will see an IP address of some sort. Which from what you said sounds like what you see.
> >
> > Now for example, say that you see the IP address 192.168.1.127 in your sniffer program.
> >
> > Open LANguard or any other network scanner and for an address range put in 192.168.1.1 - 192.168.1.254 ... Get it? Now the scanner will scan all of the addresses in between and show you which ones are live.. Just look for the first three numbers of the octet and put 1-254 at the end.. Does that help? Maybe you already understood this..? All that the sniffer will do is point you in the proper direction, by showing you the 'active' IPs on your network. Then you have to scan the full subnet range with a scanner to find out what IPs are really being used..
> >
> > Good Luck
> >
> > ~John
> >
> > ~~~Snort, sniffing packets not glue~~~
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 4:06 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Well, with etherpeek I can only see information packet by packet, and nothing shows up on the nodes or protocols tab... any help on how to use all the data I have already captured to give me a list of all the IP addresses?
> >
> > With Languard, it requires me to specify which IPs to scan, but I don't know that!!
> >
> > Am I messing up somewhere?
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: segunda-feira, 22 de Abril de 2002 20:41
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Ahh. You can let the sniffer run for a while. This will let you know who is doing what on your network.
> >
> > For a simple list of addresses, try a simple scanner:
> > http://www.gfi.com/lannetscan/index.htm
> >
> > This, of course, depends on what hosts are running at the time.
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 2:42 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > I've installed the demo version, and it allows me to see packet by packet what's the source address and the destination address, but it seems there's no way of just getting a list of all the addresses.
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: segunda-feira, 22 de Abril de 2002 19:13
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Depending on the hardware you connect the sniffer to a mirrored or spanned port. The port effectively becomes a hub.
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 1:09 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Thanks, I'll look it out.
> >
> > What if I was connected by switches, what could I do to do this?
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: segunda-feira, 22 de Abril de 2002 18:52
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Yes. Especially since you are connected by hubs.
> >
> > www.wildpackets.com
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 1:01 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Is that software able to sniff my network and find all active IP addresses in any subnet? If so, where can I get it?
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: segunda-feira, 22 de Abril de 2002 18:46
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > I use and like Wild Packets EtherPeek.
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 12:50 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > > If your network is as disastrous as it sounds, then you may not know what IP ranges are being used. If that is the case maybe a TCP sniffer could shed some light on what IPs are on the network.
> >
> > You are right! That is specifically what is happening! Isn't there any good sniffer that could tell me what IPs are running around on my network? I can't seem to be able to make windump work!
> >
> > ------
> > You are subscribed as [EMAIL PROTECTED]
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe send a blank email to %%email.unsub%%
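
The passive approach suggested in this thread (watch MAC addresses on the shared hub instead of scanning IP ranges), shown as an added example that is not part of any message above: it parses ARP frames from a capture and lists the MAC/IP pairs that fall outside the sanctioned subnet. The function names, the /24 mask around 192.168.69.111, the MAC addresses and the sample frames are all constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the sanctioned range is a /24 around the 192.168.69.111 address in the thread.
EXPECTED = [ipaddress.ip_network("192.168.69.0/24")]

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short or EtherType not ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return mac, ipaddress.ip_address(frame[28:32])

def inventory(frames, expected=EXPECTED):
    """Map MAC -> set of sender IPs seen, plus (mac, ip) pairs outside the expected subnets."""
    seen, off_subnet = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[1].is_unspecified:  # skip non-ARP and 0.0.0.0 probes
            continue
        mac, ip = parsed
        ips = seen.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if not any(ip in net for net in expected):
                off_subnet.append((mac, str(ip)))
    return seen, off_subnet

def arp_request(src_mac, src_ip, target_ip):
    """Build a broadcast ARP who-has frame (used only to construct the sample data)."""
    sha = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + ipaddress.ip_address(src_ip).packed
    return eth + arp + b"\x00" * 6 + ipaddress.ip_address(target_ip).packed

# Constructed sample capture: one sanctioned host, one host on 10.10.10.x, one non-ARP frame.
SAMPLE = [
    arp_request("00:11:22:33:44:55", "192.168.69.111", "192.168.69.1"),
    arp_request("00:aa:bb:cc:dd:ee", "10.10.10.10", "10.10.10.20"),
    arp_request("00:aa:bb:cc:dd:ee", "10.10.10.10", "10.10.10.21"),
    b"\x00" * 60,
]

if __name__ == "__main__":
    print(inventory(SAMPLE)[1])
```

ARP requests are link-layer broadcasts, so on a hub the capturing machine receives them whatever IP subnet the sender has configured and whether or not it has a default gateway.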
