Nmap Development mailing list archives
Nmap 3.51-TEST3: MAC address lookup & display
From: Fyodor <fyodor () insecure org>
Date: Sun, 18 Apr 2004 19:32:37 -0700
Hey guys,

In recent postings (and long since long ago) people have been asking for Nmap to print out the MAC addresses of scanned hosts on the same networks. I agree that is a feature whose time has come, and I have added it for an nmap-3.51-TEST3 release. Nmap uses the system interface table (as shown by ifconfig) to determine whether a system is on the same network. A database derived from the one distributed by the IEEE is then consulted to report the manufacturer. Here are examples from normal and XML output:

    MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems Inc.)

    <address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications, Inc." addrtype="mac" />

I hope this will be helpful for network administrators to track down problem machines (worm-infected, spammers, etc.). This also helps track changes on DHCP networks where the IP addresses can change frequently.

There are a few issues that I'm hoping people can help with. One is Windows support for MAC address display. Anyone want to give it a try? readip_pcap() or its subfunctions need to be changed to save the link layer. Then IPisDirectlyConnected must be enhanced to work on Windows. You will have to add MACLookup.cc and MACLookup.h to the build file list.

Another issue is the XML DTD. Anyone want to take a crack at updating this to support this new field? This is probably simple for someone who actually knows the language :).

And the final task is testing. Please let me know if you encounter problems with this on any platforms. I have only tested it on OpenBSD and Linux. Even better is if you send a patch too :).

By the way, I am heading to CanSecWest on Tuesday. If any of you are attending, do say hi.

This new Nmap version is available from the dist directory ( http://download.insecure.org/nmap/dist/?M=D ). It is source-code only.

Here are the MD5s:

    d49f83863011957c51b3173af7b5c58d  nmap-3.51-TEST3.tar.bz2
    df9a34ccbc2933b3ed4255ce43c3db35  nmap-3.51-TEST3.tgz

Enjoy,
Fyodor
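The DHCP-tracking use described in the message, as an added example that is not part of the original post or of Nmap itself: it reads the MAC `<address>` elements from two XML scan outputs and reports IP/MAC bindings that changed. Only the MAC `<address>` form comes from the post; the `<host>` layout, the IPv4 entries and both sample scans are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample scans (not real output). The surrounding <host> layout
# is an assumption; only the addrtype="mac" element form is from the post.
SCAN_MON = """<nmaprun>
<host><address addr="192.168.0.10" addrtype="ipv4" />
<address addr="08:00:20:8F:6B:2F" vendor="SUN Microsystems Inc." addrtype="mac" /></host>
<host><address addr="192.168.0.11" addrtype="ipv4" />
<address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications, Inc." addrtype="mac" /></host>
<host><address addr="10.1.1.5" addrtype="ipv4" /></host>
</nmaprun>"""

SCAN_TUE = """<nmaprun>
<host><address addr="192.168.0.10" addrtype="ipv4" />
<address addr="00:a0:cc:63:85:4b" vendor="Lite-on Communications, Inc." addrtype="mac" /></host>
<host><address addr="192.168.0.12" addrtype="ipv4" />
<address addr="08:00:20:8F:6B:2F" vendor="SUN Microsystems Inc." addrtype="mac" /></host>
</nmaprun>"""


def mac_table(xml_text):
    """Map IP -> (MAC, vendor) for every host that reported a MAC address."""
    # ElementTree is not hardened against malicious XML; parse only scan
    # files you generated yourself.
    table = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ip = mac = vendor = None
        for addr in host.findall("address"):
            kind = addr.get("addrtype")
            if kind == "mac":
                mac = addr.get("addr", "").upper()  # normalise case before comparing
                vendor = addr.get("vendor", "unknown")
            elif kind in ("ipv4", "ipv6"):
                ip = addr.get("addr")
        if ip and mac:  # hosts on other networks carry no MAC entry
            table[ip] = (mac, vendor)
    return table


def diff_scans(old, new):
    """Return (rebound, moved): IPs now on a different MAC, MACs now on a different IP."""
    rebound = {ip: (old[ip][0], new[ip][0])
               for ip in old.keys() & new.keys() if old[ip][0] != new[ip][0]}
    old_by_mac = {mac: ip for ip, (mac, _) in old.items()}
    moved = {mac: (old_by_mac[mac], ip) for ip, (mac, _) in new.items()
             if mac in old_by_mac and old_by_mac[mac] != ip}
    return rebound, moved
```

A rebound IP with no matching lease change is the case worth investigating first, since it means a different network card is now answering for that address.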