Passive Internal Network Discovery

active_directory_enumeration_attacks

When inside an internal network, we may receive a lot of traffic passively, such as ARP requests.

$ sudo responder -I tun0 -A

πŸ“š You may get a lot of information for active directory enumeration such as DC names and IPs, network names, etc.