Nmap Development mailing list archives

Re: How to find MAC address
From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Fri, 31 Mar 2006 08:14:44 -0800

On 3/31/06, Martin Mačok <martin.macok () underground cz> wrote:
On Fri, Mar 31, 2006 at 12:53:41PM +0100, Martin O'Neal wrote:

Easy as pie; take a look at the nessus script
(netbios_name_get.nasl) for template code.

Seems like you haven't read its license, have you?

 5) No Reverse Engineering, Other Restrictions.

Then how about nmap-service-probes?

# NBT Response starts with a header:
# The following fields are each 2 bytes: transaction ID; Flags; question count; answer count; name service count; additional record
# Next comes 34 bytes NUL-terminated name
# then comes 2 byte fields: question type; question class
# 4 byte TTL
# 2 byte rdata length
# 1 byte number of names
### -- End of header
# Next comes the given number of nbnames - each is a 15 byte name (space padded) followed by a one byte service type, and then 16 BIT
### -- End of name table - finally comes the footer:
# 48 bit - Adapter address (eg MAC addy)
# 8 bit fields: major version; minor version
# 16 bit fields: duration; frmps received; frmps transmitted; iframe receive errors; transmit aborts
# 32 bit fields: transmitted; received
# The remaining fields are all 16-bits: iframe transmit errors; number of receive buffers; tl_timeouts; tl_timeouts; free ncbs; ncbs;
#                                       max_ncbs; number of transmit buffers; max datagram; pending sessions; max sessions; packet_sessions

No time here but I bet somebody can modify the next few netbios lines
to pull out the MAC address. :)

Sent through the nmap-dev mailing list
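The layout quoted from nmap-service-probes above is the RFC 1002 NODE STATUS RESPONSE (NBSTAT, type 0x21); the "adapter address" at the start of the statistics footer is the UNIT_ID, i.e. the responder's MAC. The following is an added, stand-alone example (not code from this thread, from Nmap, or from the Nessus script it mentions) that builds the wildcard NBSTAT query, parses a response by walking exactly the fields listed above, and pulls out the name table and the MAC. The response it parses is constructed inline for the example; the only assumptions are the RFC 1002 wire format and Python's standard library.

```python
import socket
import struct

NBSTAT = 0x0021      # RR type: NetBIOS node status (RFC 1002)
CLASS_IN = 0x0001
NBNS_PORT = 137


def encode_wildcard_name() -> bytes:
    """34-byte encoded name for '*': length 0x20, 32 letters A..P, NUL terminator.
    First-level encoding splits each of the 16 raw bytes into two nibbles + 'A'."""
    raw = b"*" + b"\x00" * 15                     # wildcard is NUL padded, not space padded
    letters = bytearray()
    for b in raw:
        letters.append(ord("A") + (b >> 4))
        letters.append(ord("A") + (b & 0x0F))
    return bytes([0x20]) + bytes(letters) + b"\x00"


def build_nbstat_query(txid: int = 0x1234) -> bytes:
    """Header (6 x 2 bytes) + encoded name + question type/class."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_wildcard_name() + struct.pack("!HH", NBSTAT, CLASS_IN)


def parse_nbstat_response(data: bytes) -> dict:
    """Walk the header, the 34-byte name, RR fields, the name table and the
    statistics footer; return names and the adapter (MAC) address."""
    if len(data) < 12:
        raise ValueError("short header")
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"NBSTAT error, rcode={rcode}")
    off = 12
    if len(data) < off + 34 + 10 + 1:
        raise ValueError("truncated resource record")
    if data[off] != 0x20 or data[off + 33] != 0x00:
        raise ValueError("malformed RR name")
    off += 34
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError(f"unexpected RR type 0x{rtype:04x}")
    rdata = data[off:off + rdlen]
    if len(rdata) < rdlen:
        raise ValueError("rdata truncated")
    num_names = rdata[0]
    pos = 1
    names = []
    for _ in range(num_names):                     # 15-byte name + suffix + 16-bit flags
        entry = rdata[pos:pos + 18]
        if len(entry) < 18:
            raise ValueError("name table truncated")
        name_flags = struct.unpack("!H", entry[16:18])[0]
        names.append({
            "name": entry[:15].rstrip(b" ").decode("ascii", "replace"),
            "suffix": entry[15],
            "group": bool(name_flags & 0x8000),
            "flags": name_flags,
        })
        pos += 18
    if len(rdata) < pos + 6:                       # footer starts with the 48-bit UNIT_ID
        raise ValueError("no statistics block")
    mac = ":".join(f"{b:02x}" for b in rdata[pos:pos + 6])
    return {"txid": txid, "names": names, "mac": mac}


def query_host(host: str, timeout: float = 2.0) -> dict:
    """Send the wildcard NBSTAT query over UDP/137 and parse the reply."""
    query = build_nbstat_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (host, NBNS_PORT))
        data, _ = s.recvfrom(4096)
    return parse_nbstat_response(data)


def build_sample_response(txid: int = 0x1234,
                          mac: bytes = bytes.fromhex("0011223344aa")) -> bytes:
    """Constructed sample reply (not a real capture) laid out per RFC 1002:
    three names, then a 46-byte statistics block whose first 6 bytes are the MAC."""
    table = [(b"WORKSTATION", 0x00, 0x0400),     # unique, workstation service
             (b"WORKGROUP", 0x00, 0x8400),       # group name (G bit set)
             (b"WORKSTATION", 0x20, 0x0400)]     # unique, file server service
    node_names = b"".join(n.ljust(15, b" ") + bytes([sfx]) + struct.pack("!H", fl)
                          for n, sfx, fl in table)
    rdata = bytes([len(table)]) + node_names + mac + bytes(40)
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)   # response + authoritative
    rr = encode_wildcard_name() + struct.pack("!HHIH", NBSTAT, CLASS_IN, 0, len(rdata))
    return header + rr + rdata


if __name__ == "__main__":
    print(parse_nbstat_response(build_sample_response()))
```

Two caveats a practitioner should expect when running `query_host` against real targets: the UNIT_ID is whatever the responder chooses to report, so Samba's nmbd typically returns all zeros rather than a real interface address, and a host that answers on UDP/137 at all is a signal in itself, since the service is often reachable from segments where it should have been filtered.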
