This is a neat little tool especially for people doing penetration testing assignments, especially if you’ve done some packet dumps and have PCAP files you can use nwmap to map out live IP addresses.
I’d guess it’d be used in the information gathering stage before you fire up your port scanners etc.
nwmap is basically a Perl script which takes a PCAP file as input and identifies valid subnets in the file. It then assumes a netmask of /24 and searches all those subnets for live IPs. It then groups all the IP addresses based on the number of hops.
Make sure you have the following:
- host(DNS lookup)
- nmap(Port scanner)
- tcptraceroute(traceroute to IP addresses)
- Tshark(Network sniffer)
You can download nwmap here:
Or read more here.