Nmap Development mailing list archives

Nmap 3.51-TEST3: MAC address lookup & display

From: Fyodor <fyodor () insecure org>
Date: Sun, 18 Apr 2004 19:32:37 -0700

-----BEGIN PGP SIGNED MESSAGE-----

Hey guys,

In recent postings (and long since long ago) people have been asking
for Nmap to print out the MAC addresses of scanned hosts on the same
networks. I agree that is a feature whose time has come, and I have
added it for an nmap-3.51-TEST3 release. Nmap uses the system
interface table (as shown by ifconfig) to determine whether a system
is on the same network. A database derived from the one distributed
by the IEEE is then consulted to report the manufacturer. Here are
examples from normal and XML output:

MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems Inc.)
<address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications, Inc." addrtype="mac" />

I hope this will be helpful for network administrators to track down
problem machines (worm-infected, spammers, etc.) This also helps
track changes on DHCP networks where the IP addresses can change
frequently.

There are a few issues that I'm hoping people can help with. One is
Windows support for MAC address display. Anyone want to give it a
try? readip_pcap() or its subfunctions need to be changed to save the
link layer. Then IPisDirectlyConnected must be enhanced to work on
Windows. You will have to add MACLookup.cc and MACLookup.h to the
build file list.

Another issue is the XML DTD. Anyone want to take a crack at updating
this to support this new field? This is probably simple for someone
who actually knows the language :).

And the final task is testing. Please let me know if you encounter
problems with this on any platforms. I have only tested it on OpenBSD
and Linux. Even better is if you send a patch too :).

By the way, I am heading to CanSecWest on Tuesday. If any of you are
attending, do say hi.

This new Nmap version is available from the dist
directory ( http://download.insecure.org/nmap/dist/?M=D ). It is
source-code only. Here are the MD5s:

d49f83863011957c51b3173af7b5c58d nmap-3.51-TEST3.tar.bz2
df9a34ccbc2933b3ed4255ce43c3db35 nmap-3.51-TEST3.tgz

Enjoy,
Fyodor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBQIM5Xc4dPqJTWH2VAQF+rQP/d7POOK+2PhjPge9dY1PT14i4BtVg1sB8
aftgtMOpTzG6eLT1+rjVeeUvftdvzySxZL59Qciu0dNrex4T5zeehArVb+/vJiIE
WXr0y0eeKL8He1swuZbHDxgYcT5C1QbFY0qdNMc8e34fj0bhwtfHUsjSWhtfro/i
HzKcc/YM8Lc=
=SxF2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

Nmap 3.51-TEST3: MAC address lookup & display Fyodor (Apr 18)
- Re: Nmap 3.51-TEST3: MAC address lookup & display Andy Lutomirski (Apr 27)
- new service probes (Re: Nmap 3.51-TEST3: MAC address lookup & display) Martin Mačok (May 27)