Re: -NP ignored when running as root

[Mike Calmus <mcalmus () nyx net>]

At 12:26 AM +0000 7/17/09, Brandon Enright wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 16 Jul 2009 20:22:04 -0400
> Mike Calmus <mcalmus () nyx net> wrote:
>
> >  >Hi, please try running again as root, this time with the --send-ip
> >  >option. That will disable the ARP ping. If that works, then there is
> >  >something wrong with the way ARP ping work against Windows 7 and
> >  >possibly Solaris 10.
> >  >
> >  >http://seclists.org/nmap-dev/2009/q1/0176.html
> >  >
> >  >That was caused by Solaris sending back ARP replies to the broadcast
> >  >Ethernet address. If --send-ip works for you, please let us know. If
> >  >you could get a packet capture of the ARP traffic, that would be very
> >  >helpful.
> >  >
> >  >Please let us know, because this is something that can be fixed with
> >  >a little more information.
> >  >
> >  >David Fifield
> >
> >  Using the --send-ip option does seem to work. I won't be able to get
> >  a packet capture until later, though. I will forward that along as
> >  soon as I can.
>
> Hey Mike, are you by any chance connecting to a wireless AP with client
> isolation turned on?  In addition to a packet capture, the output of
> "arp -a" after a scan could be moderately useful.
>
> Brandon

I do have a wireless AP, but client isolation isn't turned on AFAIK. 
When I run a packet capture in Wireshark, I see two ARP messages like 
the following sent from my machine:

ff:ff:ff:ff:ff:ff
00:1e:52:83:c6:a6
0x0806
0x0001
0x0800
0x06
0x04
00:01
00:1e:52:83:c6:a6
192.168.1.194
ff:ff:ff:ff:ff:ff
192.168.1.190

More information: This Windows 7 box is running inside VMWare with 
NATed networking on the same physical box as the source of the query.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org