Nmap Development: ARP ping, netmask and fallback to ICMP

ARP ping, netmask and fallback to ICMP

From: J.P. Delport <jpdelport_at_csir.co.za>
Date: Mon, 10 Oct 2005 17:02:10 +0200

Hi,

I have been trying to ARP ping some hosts on a local ethernet segment.
ARP pings get sent only when the IP addresses are on the same subnet as
that of my network card (Win32 & Linux, class C). Short of changing the
actual card netmask (a pain on Windows with DHCP enabled - lots of
clicking), is there a way to force nmap to send ARP requests even when
the targets are not on my subnet? (I know they are on my eth segment.)

When I force the variable directly_connected to true in targets.cc's
nexthost function, I can successfully send ARP requests to the hosts I
am interested in, but then I run into the next problem: When sending an
ARP to hosts not on my subnet, I get an ARP response from target hosts,
but also from a switch acting as a proxy for them. nmap currently only
stores one MAC address for the target - sometimes this is the target
host and sometimes the proxy. Maybe it could be useful to supply a MAC
address that nmap ignores in ARP replies?

Last idea: it came as a surprise to me that nmap fell back on (the more
IDS noisy) ICMP ping when I requested ARP ping with -PR. Maybe it should
be stated in the docs/man page or maybe nmap must not fall back? I also
get ICMP when I try to fake my source IP with -S.

thanks for the great tool
regards
jp

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Oct 10 2005
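As an added illustration (not nmap's code and not from the poster), the snippet below models the two behaviours the message describes: the same-subnet test that gates whether an ARP probe is sent, and the problem of a proxy-ARP switch answering alongside the real host. The interface address, netmask and ARP replies are constructed sample values; the "MAC that answers for more than one IP is a proxy" heuristic is an assumption of this example, not something nmap does.

```python
import ipaddress
from collections import defaultdict

def directly_connected(target, iface_ip, netmask):
    """Same-subnet test the post describes: an ARP probe is only sent
    when the target lies inside the interface's own subnet."""
    net = ipaddress.IPv4Network(f"{iface_ip}/{netmask}", strict=False)
    return ipaddress.IPv4Address(target) in net

def group_arp_replies(replies, ignore_macs=()):
    """Collect every MAC that answered for each probed IP, dropping MACs
    the caller chose to ignore (the 'MAC that nmap ignores' idea)."""
    ignore = {m.lower() for m in ignore_macs}
    seen = defaultdict(set)
    for ip, mac in replies:
        if mac.lower() not in ignore:
            seen[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in seen.items()}

def suspected_proxies(grouped):
    """Heuristic (assumption): a MAC that answers for more than one IP is
    a likely proxy-ARP device; a real host answers only for itself."""
    owners = defaultdict(set)
    for ip, macs in grouped.items():
        for mac in macs:
            owners[mac].add(ip)
    return {mac for mac, ips in owners.items() if len(ips) > 1}

# Constructed sample: interface 192.168.1.10/24, one on-subnet target and
# two off-subnet targets on the same segment; aa:bb:... is the proxy switch.
IFACE_IP, NETMASK = "192.168.1.10", "255.255.255.0"
REPLIES = [
    ("192.168.1.50", "00:11:22:33:44:66"),
    ("192.168.2.50", "00:11:22:33:44:55"),  # the real host answered
    ("192.168.2.50", "aa:bb:cc:dd:ee:ff"),  # ... and so did the proxy
    ("192.168.2.51", "aa:bb:cc:dd:ee:ff"),  # only the proxy answered
]

def resolve(replies, iface_ip, netmask):
    """Return {ip: (on_subnet, [macs left after dropping suspected proxies])}."""
    grouped = group_arp_replies(replies)
    cleaned = group_arp_replies(replies, ignore_macs=suspected_proxies(grouped))
    return {ip: (directly_connected(ip, iface_ip, netmask), cleaned.get(ip, []))
            for ip in grouped}

if __name__ == "__main__":
    for ip, (local, macs) in resolve(REPLIES, IFACE_IP, NETMASK).items():
        print(ip, "on-subnet" if local else "off-subnet", macs or "proxy only")
```

Note the trade-off visible in the last sample host: once the proxy's MAC is ignored, a host that only the proxy answered for is left with no MAC at all, so an "ignore this MAC" option improves accuracy of the stored address at the cost of coverage.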