gateway-finder on


Identify routers on the local LAN and paths to the Internet.

Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.

This can be useful during Internal pentests when you want to quickly check for unauthorised routes to the Internet (e.g. rogue wireless access points) or routes to other Internal LANs. It doesn't perform a hugely thorough check, but it is quick at least. It's python, so it should be easy to modify to fit your needs.

You give the script the IP address of a system on the Internet you're trying to reach and it will send the following probes via each system on the local LAN:
- An ICMP Ping
- A TCP SYN packet to port 80
- An ICMP Ping with a TTL of 1
- A TCP SYN packet to port 80 with a TTL of 1

It will report separately which systems send an ICMP "TTL exceeded in transit" message back (indicating that they're routers) and which respond to the probe (indicating that they're gateways to the Internet).