Re: Nmap 3.93: Spoof mac does not work when network card not in promiscious mode

[Andreas Ericsson <ae () op5 se>]

Greg Darke wrote:
> Just a follow up on the message I sent earlier,
>
> It seems that this is not the whole story... This problem only seems to
> come up when I have previously changed my mac address on my network
> card. 
>
> spoof_mac works without a problem, if I don't change any settings on my
> network card. But if i change the mac address (I need to so that I can
> use it on the network at Uni), Nmap is not able to see any packets that
> come back to the spoofed mac address unless I place the network card
> into promiscuous mode.

This is sort of expected behaviour and how catenets work. The IP-address 
thing is just so packets can be sent to a different network. In a local 
network (with a switch but no routers), packet destinations are 
determined by the MAC address. That's also why you can't send ARP 
(address resolution protocol, with address meaning MAC-address) packets 
to a different network than the local one.

> Is anybody else having the same problem, or is it a bug with my network
> card?

I assume everybody does, although it's strange that nmap doesn't set the 
card to promiscuous mode.

-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Lead Developer


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev