Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: MAC replies
From: doug () hcsw org
Date: Fri, 22 Oct 2004 02:16:08 +0100

Hi All,

I just want to say that I think ARP scanning would be a great idea for
nmap. I fully understand the difficulty in implementing this portably
though.

In fact, a while ago I implemented a patch that added ARP scanning to
nmap-2.54BETA27 (ancient history, I know...). Essentially, the
patch added a -PR option that would ping the host using ARP instead of
the defaults (ICMP/TCP). For instance, to ping a host using ARP, you
would want to use the options -SP and -PR. Adding ARP scanning as a
ping option seemed (and still seems) to be the most sensible interface
for ARP scanning.

The patch, unfortunatley, used libnet and as such was, understandably,
not eligible for inclusion in the main distribution.

Perhaps someone working on this problem might find the patch useful. You
can download it (along with some documentation) here:

http://hcsw.org/nmap/nmap-2.54BETA27-arp-patch.tgz

Good luck,

Doug Hoyte



On Thu, Oct 21, 2004 at 05:28:20PM -0700 or thereabouts, Fyodor wrote:
On Tue, Oct 19, 2004 at 09:17:43AM -0400, Adam Jacob Muller wrote:
Now that nmap has the ability to log MAC addresses does it use the fact 
that it got an arp reply to establish that the host is in fact up, my 
idea here basically is that an ARP reply is basically the only sure way 
to determine if a host is up or not, if you don't get one, then that 
host must be down, if you do in 99.99% of cases it is up (feel free to 
correct me), so does, or should nmap use a positive ARP reply to say 
that the host is up?

Yes, ARP scanning is definitely high on my "todo" list.  But Nmap does
not yet actually do ARP at all.  It just so happens that the IP packet
responses Nmap gets include the ethernet headers as well.  So Nmap
grabs them that way.  Once Nmap learns to speak raw ethernet in a
portable fashion, ARP scanning (which obviously will only work on a
local network) will not be far behind.

Cheers,
-F

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org



Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]