Skip to content

Network Mapping

Jump to bottom
Josh Carlson edited this page Dec 17, 2023 · 1 revision

Introduction

IP2CR includes the ability to generate a logical network map of a matching resource. Once IP2CR has found a resource, if that resource supports network mapping and the option is enabled, it will output a simple map showing the path network traffic takes from the public IP/FQDN to the root resource.

Supported Resources

Currently, network mapping is supported for the following resources:

  • Cloudfront
  • ELBs (both classic and v2)
  • EC2

Usage

By default, network mapping is disabled. To enable it during a run of IP2CR, you can supply the --network-mapping CLI parameter.

Output

Map Format

The network map is generally different for each resource, as would be expected. Below is a mapping outline for each supported resource.

() indicates there can be multiple values/paths. Values are listed respectively (e.g. ELB -> ... -> (vpc-1234, vpc-5678) -> (subnet-1234, subnet-5678) indicates the ELB has two targets: one in vpc-1234/subnet-1234 and another in vpc-5678/subnet-5678). Field names should mirror the AWS API.

CloudFront

Distribution.DomainName -> Distribution.ID -> (Distribution.Origins.ID) -> (Distribution.Origins.DomainName)

Example

d71eu3b1gwvbi.cloudfront.net -> E1CAZC76A7D8KA -> [ip2cr-alb-origin] -> [IP2CR-Testing-ALB-655773642.us-east-1.elb.amazonaws.com]

Elastic Load Balancers

Classic

LoadBalancer.DNSName -> LoadBalancer.CanonicalHostedZoneId -> LoadBalancer.VpcId -> LoadBalancer.AvailabilityZones -> LoadBalancer.Subnets

Example

IP2CR-Testing-ELB-285722681.us-east-1.elb.amazonaws.com -> Z35SXDOTRQ7X7K -> vpc-07e884ddac0458356 -> [us-east-1a,us-east-1b,us-east-1c] -> [subnet-01e64dfa243c37bc6,subnet-06a2ae760a3f27e40,subnet-0bf4b6de0275c87d5]

V2

LoadBalancer.DNSName -> LoadBalancer.CanonicalHostedZoneId -> [(LoadBalancer.AvailabilityZone.SubnetId, LoadBalancer.AvailabilityZone.ZoneName)] -> LoadBalancer.Listener.ListenerArn -> LoadBalancer.Listener.DefaultActions.TargetGroupArn -> (Target.Id)

Example

IP2CR-Testing-ALB-655773642.us-east-1.elb.amazonaws.com -> Z35SXDOTRQ7X7K -> [subnet-01e64dfa243c37bc6 (us-east-1b),subnet-0bf4b6de0275c87d5 (us-east-1a)] -> arn:aws:elasticloadbalancing:us-east-1:509915386432:listener/app/IP2CR-Testing-ALB/e482622e74065ea1/4042388b0be2034e -> arn:aws:elasticloadbalancing:us-east-1:509915386432:targetgroup/IP2CR-Testing-TgtGrp/39b2566cf21f04f1 -> i-00fae9e8731fce703

EC2

Instance.VpcId -> Instance.SubnetId -> Instance.InstanceId

Example

vpc-07e884ddac0458356 -> subnet-0bf4b6de0275c87d5 -> i-00fae9e8731fce703

Clone this wiki locally