Re: 2 ideas for NMAP, 1 open question

[Fyodor <fyodor () insecure org>]

> ARP scan.
>
> I've noticed that this is what happens anyways when you do a TCP or ICMP
> scan on your local network (just think about it for a second).  You could
> just cut to the chase and do this directly.  Ideally do it massively

Hi Lamont!  I agree.  This is certainly on my (very long) list, but
perhaps someone will beat me to the chase :).  I have traditionally
avoided ethernet-specific stuff, but am slowly changing my mind as it
becomes more and more prevalent among home end users.  It seems to
have broken into the home through cable modems and DSL.  Plus, home
networks are no longer a geek-only phenomenon :).  I am also planning
to add MAC addresses to (at least) the XML output format.

But my primary focus right now is getting a nonbeta release out the
door :).  So integration of more fun features will have to wait a
little while.

> broken).  Libnet might make ARP scanning a lot easier to implement, and I
> think the link-layer output could be useful in other circumstances to play
> with.

Libnet is nice, although I have lately been playing with Dug Song's
Libdnet ( http://libdnet.sourceforge.net/ ) and have been quite
impressed.

> IPv6
>
> Anyone got any ideas for how to ping sweep an entire 64-bit address space,
> corresponding to one network?  IPv6 seems to pose some interesting
> challenges.

Yes it does.  The good news is that this is being worked on :).  Not
by me though.  A Belgian graduate student named Sébastien Peterson
(seb.peterson () easynet be) is working on this for his thesis.
Apparently he has some scans working already.  I certainly would be
interested in integrating that into core Nmap.

Cheers,
-F

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).