Nmap Development: Re: MAC replies

Re: MAC replies

From: <doug_at_hcsw.org>
Date: Fri, 22 Oct 2004 02:16:08 +0100

Hi All,

I just want to say that I think ARP scanning would be a great idea for
nmap. I fully understand the difficulty in implementing this portably
though.

In fact, a while ago I implemented a patch that added ARP scanning to
nmap-2.54BETA27 (ancient history, I know...). Essentially, the
patch added a -PR option that would ping the host using ARP instead of
the defaults (ICMP/TCP). For instance, to ping a host using ARP, you
would want to use the options -SP and -PR. Adding ARP scanning as a
ping option seemed (and still seems) to be the most sensible interface
for ARP scanning.

The patch, unfortunately, used libnet and as such was, understandably,
not eligible for inclusion in the main distribution.

Perhaps someone working on this problem might find the patch useful. You
can download it (along with some documentation) here:

http://hcsw.org/nmap/nmap-2.54BETA27-arp-patch.tgz

Good luck,

Doug Hoyte

On Thu, Oct 21, 2004 at 05:28:20PM -0700 or thereabouts, Fyodor wrote:
> On Tue, Oct 19, 2004 at 09:17:43AM -0400, Adam Jacob Muller wrote:
> > Now that nmap has the ability to log MAC addresses does it use the fact
> > that it got an arp reply to establish that the host is in fact up, my
> > idea here basically is that an ARP reply is basically the only sure way
> > to determine if a host is up or not, if you don't get one, then that
> > host must be down, if you do in 99.99% of cases it is up (feel free to
> > correct me), so does, or should nmap use a positive ARP reply to say
> > that the host is up?
>
> Yes, ARP scanning is definitely high on my "todo" list. But Nmap does
> not yet actually do ARP at all. It just so happens that the IP packet
> responses Nmap gets include the ethernet headers as well. So Nmap
> grabs them that way. Once Nmap learns to speak raw ethernet in a
> portable fashion, ARP scanning (which obviously will only work on a
> local network) will not be far behind.
>
> Cheers,
> -F

Received on Oct 22 2004
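
The thread discusses two ways of learning a host's MAC address: the Ethernet header of an IP response, and an ARP reply. The Python sketch below classifies raw Ethernet frames into those two kinds of evidence. It is an added example, not part of the original messages, Doug Hoyte's patch, or Nmap; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct

ETH_P_IP, ETH_P_ARP, ARP_OP_REPLY = 0x0800, 0x0806, 2

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify_frame(frame):
    """Return (evidence, ip, mac) for a raw Ethernet II frame, else None."""
    if len(frame) < 14:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    if ethertype == ETH_P_ARP and len(payload) >= 28:
        htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
            "!HHBBH6s4s6s4s", payload[:28])
        # Only an Ethernet/IPv4 ARP *reply* counts as proof the host is up.
        if (htype, ptype, hlen, plen, oper) == (1, ETH_P_IP, 6, 4, ARP_OP_REPLY):
            return ("arp-reply", socket.inet_ntoa(spa), mac_str(sha))
        return None
    if ethertype == ETH_P_IP and len(payload) >= 20 and payload[0] >> 4 == 4:
        # The frame's source MAC is the last hop: the host itself only when
        # it is on the local segment, otherwise the router that forwarded it.
        return ("ip-response", socket.inet_ntoa(payload[12:16]), mac_str(src))
    return None

def hosts_seen(frames):
    """Map IP -> (mac, evidence); an ARP reply overrides an IP response."""
    seen = {}
    for frame in frames:
        hit = classify_frame(frame)
        if hit and (hit[1] not in seen or hit[0] == "arp-reply"):
            seen[hit[1]] = (hit[2], hit[0])
    return seen

# Constructed sample frames (not captured traffic).
SCANNER = bytes.fromhex("001122334455")
TARGET = bytes.fromhex("000c29aabbcc")
T_IP, S_IP = socket.inet_aton("192.168.0.10"), socket.inet_aton("192.168.0.5")

def arp_frame(oper, sha, spa, tha, tpa, dst):
    return (dst + sha + struct.pack("!HHHBBH", ETH_P_ARP, 1, ETH_P_IP, 6, 4, oper)
            + sha + spa + tha + tpa)

ARP_REPLY = arp_frame(2, TARGET, T_IP, SCANNER, S_IP, SCANNER)
ARP_REQUEST = arp_frame(1, SCANNER, S_IP, bytes(6), T_IP, b"\xff" * 6)
IP_RESPONSE = SCANNER + TARGET + struct.pack(
    "!HBBHHHBBH4s4s", ETH_P_IP, 0x45, 0, 20, 0, 0, 64, 1, 0, T_IP, S_IP)
```
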