LinuxQuestions.org
Old 12-22-2012, 08:43 PM   #1
salo_mak
network mapping using tcpdump


Hello,
I was wondering what would be a good command/method for mapping a network using tcpdump. Will filtering traffic based on the well-known port range and then using the uniq command do the job? Appreciate your input.

Thanks
salo
 
Old 12-22-2012, 10:40 PM   #2
unSpawn
Moderator
In promiscuous mode you should be seeing everything in your subnet segment so there's no apparent need for a BPF filter I'd say: just awk the IP field and uniq it. But I'm wondering what the emphasis actually is on: mapping the network or using tcpdump? If it's the latter: why? Are you thinking of passive recon or something? Or are there other factors you haven't told us about?
 
Old 12-23-2012, 10:00 AM   #3
salo_mak
It is for passive recon and for both "mapping the network as well as use of tcpdump". I am not as comfortable with awk as I am with tcpdump. Can you recommend some strategy?
Thanks
 
Old 12-23-2012, 10:36 AM   #4
salo_mak
One more thing: I also need to find out what services and servers are running in the network. That is why I was thinking of using ports.

thanks
 
Old 12-23-2012, 02:46 PM   #5
salo_mak
Anyone?
 
Old 12-23-2012, 09:21 PM   #6
Bev
Using the port numbers along with IP addresses is a fairly reliable method of mapping out servers on your network. You can dump out the collected data with the "tcpdump -r" command and save the output to a text file, or just dump the network data in real time. You will need to do some scripting to manipulate the data though. For example you will likely only want to retain the destination IP address and port numbers. You can pipe this data to a text file and then sort it and run the uniq command against the output. This will give you a list of IP addresses and the ports in use.
You should then be able to guess at the server type given the range of ports in use.
You will need to set mirror/monitor ports on your switches so you have enough visibility of your network traffic.
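The pipeline both unSpawn (awk the IP field and uniq it) and Bev (keep address and port, sort, uniq) describe, written out as an added example; this is not code from the thread or from any of its posters. It assumes the default text layout of `tcpdump -nn` (numeric addresses and ports, fed on stdin, e.g. from `tcpdump -nn -r capture.pcap`), and the function names `host_inventory`, `service_inventory`, the awk helper `AWK_LIB` and the `SAMPLE` capture text are all constructed for the example. It goes one step beyond Bev's "destination IP and port" rule: it keys the service list on the SYN-ACK, which only the host that actually accepted the connection sends, so refused or filtered ports do not end up in the service map.

```shell
#!/bin/sh
# Added example, not from the thread. Input: default `tcpdump -nn` text lines such as
#   12:00:01.000002 IP 192.168.1.20.22 > 192.168.1.10.51234: Flags [S.], seq 2, ...
# Field layout: $2 = "IP", $3 = src "a.b.c.d.port", $5 = dst "a.b.c.d.port:", $6/$7 = "Flags" "[S.],".

# awk helpers shared by both functions (hypothetical names): split "a.b.c.d.port" into
# address and port; a bare "a.b.c.d" (ICMP lines carry no port) is returned unchanged.
AWK_LIB='function ip_of(x,  p, n) { n = split(x, p, "."); return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : x }
         function port_of(x,  p, n) { n = split(x, p, "."); return (n == 5) ? p[5] : "" }'

# Unique IPv4 addresses seen as source or destination, one per line (unSpawn's
# "awk the IP field and uniq it"). Only "IP" lines are parsed; IP6/ARP frames are skipped.
host_inventory() {
    awk "$AWK_LIB"'
        $2 == "IP" { dst = $5; sub(/:$/, "", dst); print ip_of($3); print ip_of(dst) }
    ' | sort -u
}

# Live TCP services. A SYN-ACK ("Flags [S.]") is only sent by a host that accepted the
# connection, so its *source* address and port identify a listening service; counting the
# destination port of every SYN instead would also list ports that were refused (RST).
# Output: "<ip> <port> <connections seen>".
service_inventory() {
    awk "$AWK_LIB"'
        $2 == "IP" && $6 == "Flags" && $7 == "[S.]," { print ip_of($3), port_of($3) }
    ' | sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Constructed sample capture text (not real traffic): SSH and two HTTP connections to .20,
# MySQL to .30, a refused SYN to .40:445, one mDNS datagram and one ICMP echo request.
SAMPLE='12:00:01.000001 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [S], seq 1, win 29200, length 0
12:00:01.000002 IP 192.168.1.20.22 > 192.168.1.10.51234: Flags [S.], seq 2, ack 2, win 28960, length 0
12:00:01.000003 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [.], ack 1, win 229, length 0
12:00:02.000001 IP 192.168.1.11.40000 > 192.168.1.20.80: Flags [S], seq 3, win 29200, length 0
12:00:02.000002 IP 192.168.1.20.80 > 192.168.1.11.40000: Flags [S.], seq 4, ack 4, win 28960, length 0
12:00:03.000001 IP 192.168.1.12.40001 > 192.168.1.20.80: Flags [S], seq 5, win 29200, length 0
12:00:03.000002 IP 192.168.1.20.80 > 192.168.1.12.40001: Flags [S.], seq 6, ack 6, win 28960, length 0
12:00:04.000001 IP 192.168.1.10.40002 > 192.168.1.30.3306: Flags [S], seq 7, win 29200, length 0
12:00:04.000002 IP 192.168.1.30.3306 > 192.168.1.10.40002: Flags [S.], seq 8, ack 8, win 28960, length 0
12:00:05.000001 IP 192.168.1.10.40003 > 192.168.1.40.445: Flags [S], seq 9, win 29200, length 0
12:00:05.000002 IP 192.168.1.40.445 > 192.168.1.10.40003: Flags [R.], seq 0, ack 10, win 0, length 0
12:00:06.000001 IP 192.168.1.10.5353 > 224.0.0.251.5353: UDP, length 80
12:00:07.000001 IP 192.168.1.10 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64'

# Demo on the constructed sample. Real use: tcpdump -nn -r capture.pcap | service_inventory
echo "== hosts seen =="
printf '%s\n' "$SAMPLE" | host_inventory
echo "== listening TCP services (ip port connections) =="
printf '%s\n' "$SAMPLE" | service_inventory
```

On the sample, the host list has eight addresses (192.168.1.40 included, because it answered, even though it refused the connection), while the service list is `192.168.1.20 22 1`, `192.168.1.20 80 2` and `192.168.1.30 3306 1`; port 445 on .40 is absent because no SYN-ACK came back. UDP services have no handshake, so a UDP inventory needs a different rule (for example, replies whose source port is a well-known service port), which this example deliberately leaves out.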
 