Passive Internal Network Discovery
When inside an internal network, we may receive a lot of traffic passively, such as ARP requests.
- Refer to network traffic analysis
- You may also run responder in analysis mode
$ sudo responder -I tun0 -A
π You may get a lot of information for active directory enumeration such as DC names and IPs, network names, etc.