Dear Joel,
Throwing some light on the nature of the network would be more
beneficial, like you say rogue machines, if these are on the network...
then there has to be a reason that they need to be on the network...
like for instance.. someone just connects his PC and assigns it his
own IP address then.. that's not going to help him much.. though he can
use his PC.. he will not be able to access a lot of information on the
network... what's worse.. he might not be able to access the internet unless
he has assigned a proper IP address and the default gateway. If you feel
that all the users are accessing the internet.. then check the logs on the
gateway.. check what networks this gateway is configured to access...
then sniff for packets for those subnets... that will tell you a lot..
apart from that.. the sniffer works by capturing packets... don't look at
IP addresses.. look at the MAC addresses... then do a reverse ARP
lookup to see what IP addresses they are pointing back to.. check the
logs on the WINS server and the DNS servers... check the cache on the
DNS if it is configured for caching purposes...
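
[Added example, not part of the original thread or written by any of its participants: a passive MAC-to-IP inventory of the kind suggested above. ARP requests are layer-2 broadcasts, so a host on the same hub is visible even with a foreign subnet and no default gateway. The sanctioned subnet 192.168.69.0/24 is assumed from the address quoted further down, and the MAC addresses and frames are constructed sample data; a real run would feed in frames from a capture.]

```python
import ipaddress
import struct
from collections import defaultdict

EXPECTED = ipaddress.ip_network("192.168.69.0/24")  # assumed sanctioned subnet

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def sender(frame):
    """Return (src_mac, src_ip) for an ARP or IPv4 Ethernet II frame, else None."""
    if len(frame) < 14:
        return None
    src, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806 and len(frame) >= 42:   # ARP: sender IP at offset 28
        return mac(src), ipaddress.IPv4Address(frame[28:32])
    if ethertype == 0x0800 and len(frame) >= 34:   # IPv4: source IP at offset 26
        return mac(src), ipaddress.IPv4Address(frame[26:30])
    return None

def inventory(frames):
    """Map each source MAC to the set of source IPs it was seen using."""
    seen = defaultdict(set)
    for f in frames:
        s = sender(f)
        if s and not s[1].is_unspecified:   # skip 0.0.0.0 (ARP probe, DHCP discover)
            seen[s[0]].add(s[1])
    return seen

def off_subnet(seen, expected=EXPECTED):
    """Return {mac: [ips]} for hosts using addresses outside the expected subnet."""
    return {m: sorted(str(i) for i in ips if i not in expected)
            for m, ips in seen.items() if any(i not in expected for i in ips)}

def arp_request(src_mac, src_ip, dst_ip):
    """Build a broadcast ARP request (constructed sample data only)."""
    smac = bytes.fromhex(src_mac.replace(":", ""))
    sip, tip = (ipaddress.IPv4Address(a).packed for a in (src_ip, dst_ip))
    return (b"\xff" * 6 + smac + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
            + smac + sip + b"\x00" * 6 + tip)

SAMPLE = [  # constructed frames; MACs are placeholders
    arp_request("00:50:56:00:00:01", "192.168.69.111", "192.168.69.1"),
    arp_request("00:50:56:00:00:02", "10.10.10.10", "10.10.10.20"),
    arp_request("00:50:56:00:00:03", "0.0.0.0", "192.168.69.50"),
]

if __name__ == "__main__":
    for m, ips in off_subnet(inventory(SAMPLE)).items():
        print(m, ips)
```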


-----Original Message-----
From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 12:14 PM
To: NT 2000 Discussions
Subject: RE: Network discovery


I AM going to do it, but the problem is that the guy wants me to be able
at ANYTIME to see if anyone changed their IP definitions and are working
on a different IP subnet (sometimes playing some games)

See my problem? If I could make a broadcast, and receive some
information about all systems on the network (they could answer also
through a broadcast like in the DHCP process), it would make my day!!

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]
Mobile: +351 967819600
 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bartolini
Sent: Tuesday, April 23, 2002 4:18
To: NT 2000 Discussions
Subject: Re: Network discovery

I know that feeling.
I did 1200 boxes in 4-days with 4 guys. That was a metro(MAN) that involved
some driving... as well as...keeping up with the daily TECH work!
It left us DEAD-tired but we had a feeling of satisfaction and complete data
on ALL the boxes.

Sometimes you just have to get up and.... GO GET IT... in order to be sure!

David

----- Original Message -----
From: "Leonard Lee" <[EMAIL PROTECTED]>
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 10:53 PM
Subject: RE: Network discovery


> ...and even with a switch...how about those systems that are turned off, not
> on the network, or have badly configured network settings....won't catch
> those.
>
> Do a physical inventory.  100 PC's in a factory...part-time 2 days a
> week...so what.  I did a physical inventory of 800 PC in a factory in less
> than 3 days (a team of 3 guys)....so, with 100 PC...not a big job at all.
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Anthony L. Sollars
> > Sent: April 22, 2002 7:52 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > There really isn't anything you can do about this man, the only way you can
> > make this work would be to have switches in your network and or get the MAC
> > address info from the GW router, which you said isn't possible.
> >
> > I have an idea, call up a vendor and work out a deal on a nice manageable
> > switch with a full set of SNMP features. Get them to agree to a short trial
> > period to see if the equipment works as promised. Use the equipment long
> > enough to record the address info you need then ship it back. I happen to
> > know Dell has a 30 day money back guarantee, and if you have net-30 terms
> > this can be very easy to do. We just did this with a 4 LTO drive tape
> > library.
> >
> >
> > Well hope it all works out.
> >
> >
> > -TOny
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 1:54 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > Yeah, but don't forget the 'rogue' machines I'm trying to find out
> > probably don't have a default gateway configured.
> >
> > My current IP address is 192.168.69.111
> >
> > I have a machine connected to the same hub as I am, with the IP
> > 10.10.10.10 and no default gateway
> >
> > There's no way I can make LANGuard see that machine unless:
> >
> > 1- I have an IP of the same subnet
> > 2- I correctly configure TCP/IP on that machine.
> >
> > This totally defeats my purpose! I was thinking it was possible to send
> > a broadcast and receiving information about all machines connected to
> > the network, even if they had a different subnet and no gateway!
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of King, John
> > Sent: Monday, April 22, 2002 21:14
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > I am not sure how Etherpeek works, but with a basic sniffer you will see an
> > IP address of some sort.  Which from what you said sounds like what you see.
> >
> >
> > Now for example, say that you see the IP address 192.168.1.127 in your
> > sniffer program.
> >
> > Open LANguard or any other network scanner and for an address range put in
> > 192.168.1.1 - 192.168.1.254 ...  Get it?  Now the scanner will scan all of
> > the addresses in between and show you which ones are live..  Just look for
> > the first three numbers of the octet and put 1-254 at the end..  Does that
> > help?  Maybe you already understood this..?  All that the sniffer will do is
> > point you in the proper direction, by showing you the 'active' IPs on your
> > network.  Then you have to scan the full subnet range with a scanner to
> > find out what IPs are really being used..
> >
> > Good Luck
> >
> >    ~John
> >
> > ~~~Snort, sniffing packets not glue~~~
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 4:06 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > Well, with etherpeek I can only see information packet by packet, and
> > nothing shows up on the nodes or protocols tab... any help on how to use
> > all the data I have already captured to give me a list of all the IP
> > addresses?
> >
> > With Languard, it requires me to specify which IPs to scan, but I don't
> > know that!!
> >
> > Am I messing up somewhere?
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: Monday, April 22, 2002 20:41
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Ahh.  You can let the sniffer run for a while.  This will let you know
> > who is doing what on your network.
> >
> > For a simple list of addresses, try a simple scanner:
> > http://www.gfi.com/lannetscan/index.htm
> >
> > This, of course depends on what hosts are running at the time.
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 2:42 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > I've installed the demo version, and it allows me to see packet by
> > packet what's the source address and the destination address, but it seems
> > there's no way of just getting a list of all the addresses.
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: Monday, April 22, 2002 19:13
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Depending on the hardware you connect the sniffer to a mirrored or
> > spanned port. The port effectively becomes a hub.
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 1:09 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > Thanks, I'll look it out.
> >
> > What If I was connected by switches, what could I do to do this?
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: Monday, April 22, 2002 18:52
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > Yes.  Especially since you are connected by hubs.
> >
> > www.wildpackets.com
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 1:01 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > Is that software able to sniff my network and find all active IP
> > addresses in any subnet? If so, where can I get it?
> >
> > Filipe Joel de Almeida
> > Network Consultant
> > [EMAIL PROTECTED]
> > Mobile: +351 967819600
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of John Allhiser
> > Sent: Monday, April 22, 2002 18:46
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> > I use and like Wild Packets EtherPeek.
> >
> > -----Original Message-----
> > From: Filipe Joel de Almeida [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 22, 2002 12:50 PM
> > To: NT 2000 Discussions
> > Subject: RE: Network discovery
> >
> >
> > > If your network is as disastrous as it sounds, then you may not know what
> > > IP ranges are being used.  If that is the case maybe a TCP sniffer could
> > > shed some light on what IPs are on the network.
> >
> > You are right! That is specifically what is happening! Isn't there any good
> > sniffer that could tell me what IPs are running around on my network? I can't
> > seem to be able to make windump work!
> >
> >
> >
> >
> >
> >
> > ------
> > You are subscribed as [EMAIL PROTECTED]
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe send a blank email to %%email.unsub%%