Nmap Development mailing list archives

Re: -P0 still attempts ARP scan

From: Fyodor <fyodor () insecure org>
Date: Tue, 13 Sep 2005 18:27:33 -0700

On Tue, Sep 13, 2005 at 12:41:38PM -0400, William MacKay wrote:

On Sep 13, 2005, at 12:24 PM, Arturo 'Buanzo' Busleiman wrote:

This is bad, because --spoof_mac seems to screw up the ARP ping scan,  
so it refuses to scan even with -P0. Here's another log demonstrating  
that:


Maybe your network is MAC locked or otherwise doesn't allow the
spoofed MAC addresses (or just takes a while to recognize them).  If
Nmap can't obtain the MAC address of the target computer, it has
little choice but to "refuse to scan" since it doesn't have a MAC
address to send ethernet frames to.  If you determine why --spoof_mac
isn't working on your network, I'd be interested to hear about it.
Maybe there is something Nmap can do to resolve the problem.  What OS
are you using?  I have only tested --mac_spoof on Linux, though it
should work on other operating systems if Libdnet (and WinPcap on
Windows) supports it.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

-P0 still attempts ARP scan William MacKay (Sep 13)
- Re: -P0 still attempts ARP scan Arturo 'Buanzo' Busleiman (Sep 13)
  - Re: -P0 still attempts ARP scan William MacKay (Sep 13)
    - Re: -P0 still attempts ARP scan Fyodor (Sep 13)
    - Re: -P0 still attempts ARP scan William MacKay (Sep 13)
- Re: -P0 still attempts ARP scan Fyodor (Sep 13)