Nmap Development
mailing list archives
Re: How to find MAC address
From: Andreas Ericsson <ae () op5 se>
Date: Fri, 31 Mar 2006 12:59:17 +0200
Martin O'Neal wrote:
> There isn't an nmap option to gather a MAC remotely, but your original
> response said:
>
> > There is none. As soon as a packet passes a
> > router the only MAC you're gonna see is the
> > one of the router. ARP-packets simply cannot
> > be routed.
>
> Which is misleading; ARP isn't the only mechanism. There are ways of
> gathering the MAC from higher level protocols, and not just proprietary
> extensions either; MS NetBIOS name service, SNMP, blah blah blah...

For nmap, ARP *is* the only mechanism. The question was "why doesn't
nmap detect the MAC of this and that host on a different network?" and
the answers given are totally correct. How is that misleading? Other
tools can (try to) determine MAC addresses through other means, but nmap
can't.
FYI, MS NetBIOS is broadcast which also only works on local subnets,
possibly with the exception that someone may actually be daft enough to
put a Windows box as router (the horror!). Never having tried this, I'm
not sure if it would report hosts on both networks as being in the
"neighbourhood".
SNMP is not really an option (not necessarily running everywhere, info
can be spoofed, etc. etc. - same problem as with all other solutions
based on anything but ARP) and I doubt Fyodor will accept a patch to
support it. nmap being open source, you're of course free to write one and
submit it for inclusion.
--
Andreas Ericsson andreas.ericsson () op5 se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
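
The point argued in this thread, that ARP resolves only the next hop on the local segment, so frames exchanged with a routed target carry the router's MAC, shown as an added example (not part of the original message and not nmap's code). The route table, neighbor table, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): a scanning host with one
# on-link network and a default route through 192.168.1.1.
ROUTES = [
    # (destination network, gateway, or None when the network is on-link)
    ("192.168.1.0/24", None),
    ("0.0.0.0/0", "192.168.1.1"),
]
# IP -> MAC as ARP would learn it on the local segment (documentation MACs).
NEIGHBORS = {
    "192.168.1.1": "00:00:5e:00:53:01",
    "192.168.1.20": "00:00:5e:00:53:14",
}


def next_hop(target, routes=ROUTES):
    """Longest-prefix match. Returns (next_hop_ip, on_link)."""
    addr = ipaddress.ip_address(target)
    best = None
    for net_s, gw in routes:
        net = ipaddress.ip_network(net_s)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {target}")
    gw = best[1]
    # On-link: ARP asks for the target itself. Routed: ARP asks for the gateway.
    return (target, True) if gw is None else (gw, False)


def visible_mac(target, routes=ROUTES, neighbors=NEIGHBORS):
    """MAC seen in layer-2 frames exchanged with target, and whose MAC it is."""
    hop, on_link = next_hop(target, routes)
    mac = neighbors.get(hop)  # None when ARP has not resolved this hop
    return mac, ("target" if on_link else "router")


if __name__ == "__main__":
    for ip in ("192.168.1.20", "10.0.0.5", "192.168.1.99"):
        print(ip, visible_mac(ip))
```
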