calling all security pros

**Sandman72** · March 16th, 2004, 09:37 AM

ok...I am appealing to all the gods of what is good and unholy in network security. Actually I just figured the collective conscious knows a lot of things that I have never heard of. I am looking for a tool (preferably free) that will scan a network and provide the hostname, MAC, and IP. This is a multiple platform environment, so I will need something that will provide this info for infrastructure, unix based, macintosh based, and windows based equipment. Any ideas? It doesn't have to be a single tool either. Can be multiple tools and hopefully the tools are fast. The tools can also be *nix based or Windows based. I am currently playing with Nmap and sifting through its Man.

Thanks in advance

**Matridom** · March 16th, 2004, 11:28 AM

have you checked the leases at the DHCP server? should give you mac, hostname and IP when the comp requests a lease.

If your running a wins server, you could do similar

**Sandman72** · March 16th, 2004, 02:07 PM

that would be a lot of DHCP servers to check...any other suggestions?

**NooNoo** · March 16th, 2004, 04:01 PM

you have more than one dhcp server on a single broadcast domain?

**Matridom** · March 16th, 2004, 05:29 PM

Originally Posted by Sandman72

that would be a lot of DHCP servers to check...any other suggestions?

sandman, unless you individualy query the mac address through software running on the clients system.. say by installing something, you can only remotely query for MAC's inside of a broadcast domain (like noo stated) however, unlike any other broadcast packets, discovers are often sent through relay agents on routers in order to get IP's. In my view, your going to be hoping from each small section of a network, to another to get the MAC's. DHCP's are atleast a central collection point where you have all the pieces of information handy.

If your looking for one tool that well get everything on YOUR network, then what stops it from getting everything else on connected networks? If that occurs, you could run it on the internet and get everyone's mac address........

**Carpel** · March 16th, 2004, 10:51 PM

To scan YOUR network, or any IP range you like, try LANGuard Network Scanner by GFI . It will show Mac, IP, OS, Device, etc. It's fast, and you can download a free copy last time I checked.

Carpel

**CeeBee** · March 17th, 2004, 07:40 AM

Abel&Cain is a great tool for that (and not only

). http://www.oxid.it
Also known as poor man's l0phtcrack. Oh, did I mention that it's free?

**kato2274** · March 17th, 2004, 07:48 AM

Originally Posted by CeeBee

Abel&Cain is a great tool for that (and not only

). http://www.oxid.it
Also known as poor man's l0phtcrack. Oh, did I mention that it's free?

but when I tried it norton detected a trojan. I'd stay away.

**CeeBee** · March 17th, 2004, 08:10 AM

Originally Posted by kato2274

but when I tried it norton detected a trojan. I'd stay away.

Some old antivirus tools might detect older versions of it as a trojan (since it has a server component), but it's not. Most antivirus vendors have REMOVED it from the detection pattern. Do some googling before condamning this tool...

**kato2274** · March 17th, 2004, 08:21 AM

Originally Posted by CeeBee

Some old antivirus tools might detect older versions of it as a trojan (since it has a server component), but it's not. Most antivirus vendors have REMOVED it from the detection pattern. Do some googling before condamning this tool...

this must be a RECENT development then, because I tried it not too long ago at work and norton corporate 7.5 with definitions updated daily picked it up as a virus. I'll try it again though and see.

oh and PS I believe it's condemning . . . which I wasn't doing just stating some personal experience which I also believe others here have had too. . . adept I believe

**Sandman72** · March 17th, 2004, 12:35 PM

For the record:
I am not looking for this for any less than legitimate reason. I would be running the tools on networks that I am approved to work on. (been around lurking long enough to know not to ask about hacking or piracy)

In case i forgot to mention in my original post, I am also looking for something that will allow me to give it a list of ip ranges to scan. I done really want to manually type in a thousand ranges. The windows boxes are easy to get. I can do that and export it to a nice excel sheet. Its the "others" that are giving me headaches.

**CeeBee** · March 17th, 2004, 12:51 PM

Cain will do that and it's not a hacking tool. It can scan a given range (or your full subnet) and export IP/MAC/OUI Fingerprint/hostname to a file. Give it a try and you'll love it.

**Coyotemac** · March 17th, 2004, 02:31 PM

Although I do not use nessus for this purpose and it is a bit overkill I know it can grab this information. If you're semi-comfortable with Linux try it out. http://nessus.org.

Other thoughts - this won't help on non-windows machines but how about something in you domain log in script? If you're mostly windows you may be able to do something like:

net config workstation >>(giant_text_file)

Of course then you'll need to grep the file to spearate the good from the bad.

I've just started working with PERL and I bet I could pull the above off a little more cleanly and across the different platforms. If you know someone good with perl you may want to talk to them...

**Bigtimbre** · March 18th, 2004, 01:33 PM

I don't think I saw this one mentioned: http://www.networkview.com

It will grab the information you're looking for and automagically layout the network. It can do some monitoring as well. It fits on a floppy so its easily transportable...

**XII** · March 26th, 2004, 01:22 PM

Check out Angry IP scanner from Angry Ziber . Quick and easy, gets IP, Hostname, User via netbios, and MAC address. Not the best but free and simple. Set the options, put in the range, and scan.