# README
goatherd
Packet Capture and Analysis tool for passively discovering routable address space by observing bitmask changes on captured packets
what does it do?
GOatherd analyzes tcp/ip communications (either live on the wire, or from a previously captured .pcap file) and assesses their source ARP and IP addresses with XOR bitwise pattern matching to make an intelligent attempt to determine:
- what addresses on your local network are the 'downstream' gateways (gateways from other networks), and which one (at minimum) is the 'upstream' gateway (ie the gateway address for the local subnet).
- To the best of its abilities, what CIDR subnets are 'downstream' from the local network (incoming to it from one or more layers of downstream gateways).
- attempts to find a common range of TTL variances to guestimate how many 'hops' downstream a particular submet is from the currently observed network.
Installation
You'll be needing the LibPCAP include files to compile for packet capture.
apt-get install libpcap-dev on debian-derived Linux distributions
# Packages
Identified Gateways on Observed sections.
Copyright © 2020 NAME HERE <EMAIL ADDRESS>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
No description provided by the author
but some of those unused addresses can be network or broadcast addresses if we calculate that we see no traffic from a pairing of a valid network/broadcast address, we mark this mask/prefix as a viable potential subnet.
No description provided by the author
No description provided by the author
TTL Tracker monitors the differentials in TTL of packets matched to a given subnet by finding a common integer variance in them, it attempts to guess how many 'hops' the given downstream subnet is from the capturepoint network.