Irpass-Ass is an autonomous system scanner designed to find the AS of the router. It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF.
In passive mode (./ass -i eth0), it just listens to routing protocol packets (such as broadcast and multicast hellos).
In active mode (./ass -i eth0 -A), it tries to discover routers by asking for information. This is done to the appropriate address for each protocol (either broadcast or multicast addresses). If you specify a destination address, it will be used, but it may not be as effective as the defaults.
EIGRP scanning is done differently: while scanning, ASS listens for HELLO packets and then scans the AS directly on the router that advertised itself. You can force EIGRP scanning into the same AS-scan behavior that IGRP uses by giving a destination, or into multicast scanning with the option -M.
For active mode, you can select the protocols you want to scan for. If you don't select any, all are scanned. You select protocols by giving the option -P and any combination of the following characters: IER12, where:

  • I = IGRP

  • E = EIGRP

  • R = IRDP

  • 1 = RIPv1

  • 2 = RIPv2




         [-v[v[v]]] -i <interface> [-p] [-c] [-A] [-M] [-P IER12]
         -a <autonomous system start> -b <autonomous system stop>
         [-S <spoofed source IP>] [-D <destination ip>]
         [-T <packets per delay>]


 -i <interface>            interface
 -v                        verbose
 -A                        this sets the scanner into active mode
 -P <protocols>            see above (usage: -P EIR12)
 -M                        EIGRP systems are scanned using the multicast
                           address and not by HELLO enumeration and
                           direct query
 -a <autonomous system>    autonomous system to start from
 -b <autonomous system>    autonomous system to stop with
 -S <spoofed source IP>    maybe you need this
 -D <destination IP>       If you don't specify this, the appropriate
                           address per protocol is used
 -p                        don't run in promiscuous mode (bad idea)
 -c                        terminate after scanning. This is not
                           recommended since answers may arrive later and
                           you could see some traffic that did not show
                           up during your scans
 -T <packets per delay>    after how many packets we should wait some
                           milliseconds (-T 1 is the slowest scan,
                           -T 100 begins to become unreliable)
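
Seen from the monitoring side, the -a/-b range described above suggests a simple check, shown here as an added example that is not part of Irpass or of the original page: parse the EIGRP header of captured IPv4 packets and flag any source that uses many different AS numbers. Assumptions: the 20-byte header layout of RFC 7868, that an active AS sweep appears as one source walking AS numbers, and the hypothetical names, threshold and constructed sample packets.

```python
import struct
from collections import defaultdict

EIGRP_PROTO = 88  # IP protocol number used by EIGRP
# EIGRP fixed header (RFC 7868): version, opcode, checksum, flags, seq, ack, VRID, AS
EIGRP_HDR = struct.Struct("!BBHIIIHH")

def parse_eigrp(ip_packet: bytes):
    """Return (src_ip, opcode, as_number) for an IPv4/EIGRP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != EIGRP_PROTO:
        return None
    if len(ip_packet) < ihl + EIGRP_HDR.size:
        return None  # truncated EIGRP header
    _ver, opcode, _csum, _flags, _seq, _ack, _vrid, asn = EIGRP_HDR.unpack_from(ip_packet, ihl)
    src = ".".join(str(b) for b in ip_packet[12:16])
    return src, opcode, asn

def find_as_sweeps(packets, threshold=5):
    """Map source IP -> sorted AS numbers, for sources seen in more than `threshold` ASes.

    The threshold is an assumed value; a legitimate router normally speaks in few ASes.
    """
    seen = defaultdict(set)
    for pkt in packets:
        parsed = parse_eigrp(pkt)
        if parsed:
            src, _opcode, asn = parsed
            seen[src].add(asn)
    return {src: sorted(a) for src, a in seen.items() if len(a) > threshold}

def _sample(src, asn, opcode=5, proto=EIGRP_PROTO):
    """Constructed packet: minimal IPv4 header + EIGRP header (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 1, proto, 0,
                     bytes(map(int, src.split("."))), bytes([224, 0, 0, 10]))
    return ip + EIGRP_HDR.pack(2, opcode, 0, 0, 0, 0, 0, asn)

# Constructed capture: one router steadily in AS 100, one host walking AS 1..20
SAMPLE = [_sample("192.0.2.1", 100) for _ in range(10)] + \
         [_sample("192.0.2.66", asn) for asn in range(1, 21)]

if __name__ == "__main__":
    for src, ases in find_as_sweeps(SAMPLE).items():
        print(f"possible AS sweep from {src}: {len(ases)} ASes ({ases[0]}-{ases[-1]})")
```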



©2018 Ztrela Knowledge Solutions Pvt. Ltd
