[nv-l] The -J netmon option. IP spoofing?

To: nv-l@lists.us.ibm.com
Subject: [nv-l] The -J netmon option. IP spoofing?
From: igastelu@unm.edu
Date: Fri, 16 Jan 2004 01:15:15 -0700
Delivery-date: Fri, 16 Jan 2004 08:23:07 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
Hi, I would like to know how the -J option causes the broadcast in the
local network. From the manual (NV for NT):
-J Causes netmon to attempt to speed the process of discovering new 
nodes at the expense of limited broadcast traffic. When a new network 
or subnet is first discovered, netmon causes the first sufficiently 
capable node it discovers in that network or subnet to broadcast an 
ICMP Echo request. Thereafter, while the network or subnet remains in 
the map, netmon causes no additional broadcasts to be generated there.

However, most of us do not respond to ICMP echoes to our subnets'
broadcast addresses ('no ip-directed broadcast' on Cisco). I suspect the
reason to create a broadcast once an SNMP-capable host is discovered is
to retrieve a fresh ARP table with all the active hosts on it, but I
cannot see how it is done. Is it a spoofed IP datagram with the
source IP address changed to the IP of the remote SNMP-capable host?
I hope the question is not out of order.
Thanks for your help

Inaki

Archive operated by Skills 1st Ltd