Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: 2 ideas for NMAP, 1 open question
From: Lamont Granquist <lamont () scriptkiddie org>
Date: Fri, 24 May 2002 00:43:43 -0700 (PDT)

If anyone wants to look at the code I wrote its here:


On Fri, 24 May 2002, Fyodor wrote:
[ I'm redirecting this to nmap-dev since they are development comments
and so that people can respond immediately without moderation hassles
:)  -Fyodor ]

----- Forwarded message from Lamont Granquist <lamont () scriptkiddie org> -----

Date: Fri, 24 May 2002 00:12:12 -0700 (PDT)
From: Lamont Granquist <lamont () scriptkiddie org>
To: <nmap-hackers () insecure org>
Subject: 2 ideas for NMAP, 1 open question

ARP scan.

I've noticed that this is what happens anyways when you do a TCP or ICMP
scan on your local network (just think about it for a second).  You could
just cut to the chase and do this directly.  Ideally do it massively
parallel as well, so that you can do a fast local network discovery.
Really NMAP should know what networks are on your local interfaces and you
should be able to specify just with a couple switches that you want to do
a complete local network discovery.


I talked with Fyodor about this way back and the problem here is that many
people use NMAP on non-ethernet networks.  That means that if you use
Libnet and link-layer output in some circumstances you need to code it
very carefully so that you fall back to raw sockets in other cases.  You
should only extend NMAP and not break it for anyone.  Also, in a lot of
circumstances it should be possible to implement features both using raw
sockets and link-layer output, NMAP should provide switches so the user
could choose (based on architecture and version, one or the other might be
broken).  Libnet might make ARP scanning a lot easier to implement, and I
think the link-layer output could be useful in other circumstances to play

I tried doing both of the above in some prototype code for a stand-alone
scanner, but it needs to get rewritten and cleaned up, and I don't have
the time.  I definitely don't have the time to try to figure out how to
get it into NMAP.


Anyone got any ideas for how to ping sweep an entire 64-bit address space,
corresponding to one network?  IPv6 seems to pose some interesting

----- End forwarded message -----

For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]