|
Nmap Development
mailing list archives
Re: MAC replies
From: Fyodor <fyodor () insecure org>
Date: Thu, 21 Oct 2004 17:28:20 -0700
On Tue, Oct 19, 2004 at 09:17:43AM -0400, Adam Jacob Muller wrote:
Now that nmap has the ability to log MAC addresses does it use the fact
that it got an arp reply to establish that the host is in fact up, my
idea here basically is that an ARP reply is basically the only sure way
to determine if a host is up or not, if you don't get one, then that
host must be down, if you do in 99.99% of cases it is up (feel free to
correct me), so does, or should nmap use a positive ARP reply to say
that the host is up?
Yes, ARP scanning is definitely high on my "todo" list. But Nmap does
not yet actually do ARP at all. It just so happens that the IP packet
responses Nmap gets include the ethernet headers as well. So Nmap
grabs them that way. Once Nmap learns to speak raw ethernet in a
portable fashion, ARP scanning (which obviously will only work on a
local network) will not be far behind.
Cheers,
-F
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org
 By Date 
By Thread
Current thread:
|
Intro
