Nmap Development
mailing list archives
Re: display local mac address in scan results
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 01 Jun 2007 12:04:09 -0500
Toni Ruottu wrote:
Hi
This is a feature request for a small user interaction improvement that
hopefully won't require a lot of coding. I posted earlier about the same
subject, but wasn't a list member at the time, so couldn't take part in
discussion. So here we go again. This time with a use case.
Joe works as a network administrator in a small company. He uses nmap
every now and then to map the company network. He is not familiar with
the most advanced features, but knows how to use the most basic scan
types, declaring port ranges as well as ip address ranges. He is also
aware of the man-page and reads it when he encounters difficulties.
Joe is currently documenting the network and needs to find out mac
addresses of hosts currently present. Joe also needs to add network
interface card manufacturers into the documentation. The manufacturer
information is used in the company as a reference when discussing
network interface card drivers or buying new cards.
It is Friday afternoon and Joe has made an agreement to drink a
few beers with his friend Peter once he is done with writing the
documentation. Peter isn't working on Fridays so he is ready to go
once Joe is done with his work. Joe is supposed to call him once he
completes. Joe opens a terminal on his Ubuntu pc and executes...
joe () joespc:~$ sudo nmap -sP 192.168.1.0/24
Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-05-19 15:11
EEST
Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:33:B4:E8 (Cisco-Linksys)
Host 192.168.1.101 appears to be up.
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.848 seconds
(In a real situation there would of course be more than two hosts ;-)
Joe reads the results and notices that the mac address of the local
network interface was not included in the scanning results. He
remembers that nmap is able to list local interfaces along with
their type. Joe looks at the nmap man page and finds the --iflist
option.
Joe now executes...
joe () joespc:~$ sudo nmap --iflist | grep ethernet
eth0 (eth0) 192.168.1.101/24 ethernet up 00:02:B3:33:12:6B
Joe now has all the mac addresses, but he is still missing the
manufacturer. Joe searches a list of mac address ranges on the
Internet. In the list he can find the name of the manufacturer of
his card. Joe writes the documentation and leaves to drink beer
with Peter.
It would spare Joe some time, if nmap displayed the local network
interface card mac address and manufacturer information during a
scan in a similar fashion as it does with the remote hosts. Iflist
could of course also list the manufacturer, but I personally
consider this less important.
--Toni
Hi Toni!
I attached a patch to add vendor information to --iflist.
I know that's not exactly what you wanted, but AFAIK the reason the MAC
address isn't written for the local interface during a scan is because
it's actually done through loopback, so there's no real MAC info to
print. Somebody correct me if I'm wrong! And if you use -sP (like in
your example) on localhost, no packets are actually sent anyway because
..well ..we know it's up.
Maybe it should only be printed if -v is used (or something) because it
makes the line a bit longer, and kinda throws off the table (although
it's not the only thing that could cause that). I don't know, I guess we'll see.
Let me know if you like the patch, and if it works for you, and I'll see
about committing it to the soc07 branch (and it can probably go to /nmap
pretty soon after since it's small and simple).
Thanks,
Kris Katterjohn
Index: output.cc
===================================================================
--- output.cc (revision 4813)
+++ output.cc (working copy)
@@ -306,8 +306,9 @@
Tbl->addItemFormatted(i+1, shortdevcol, false, "(%s)", iflist[i].devname);
Tbl->addItemFormatted(i+1, ipcol, false, "%s/%d", inet_ntop_ez(&(iflist[i].addr), sizeof(iflist[i].addr)),
iflist[i].netmask_bits);
if (iflist[i].device_type == devt_ethernet) {
+ const char *vendor = MACPrefix2Corp(iflist[i].mac);
Tbl->addItem(i+1, typecol, false, "ethernet");
- Tbl->addItemFormatted(i+1, maccol, false, "%02X:%02X:%02X:%02X:%02X:%02X", iflist[i].mac[0], iflist[i].mac[1],
iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5]);
+ Tbl->addItemFormatted(i+1, maccol, false, "%02X:%02X:%02X:%02X:%02X:%02X (%s)", iflist[i].mac[0],
iflist[i].mac[1], iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5], vendor ? vendor : "Unknown");
}
else if (iflist[i].device_type == devt_loopback)
Tbl->addItem(i+1, typecol, false, "loopback");
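Review bot: The new format string on the maccol line appends " (%s)" unconditionally, so every ethernet row in --iflist gets a wider MAC column and anything that reads that column as a bare XX:XX:XX:XX:XX:XX value will now also receive the vendor text. Consider printing the vendor only when verbosity is raised, as the cover message suggests, or giving it its own column so the MAC field stays a fixed 17 characters. The vendor ? vendor : "Unknown" fallback already covers a NULL return from MACPrefix2Corp, so no further check is needed there.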
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org