Nmap Development mailing list archives
--spoof-mac didn't work for me
From: "Amit Khanna" <amit.khanna () nevisnetworks com>
Date: Mon, 6 Feb 2006 11:17:59 +0530
Hi,

This is the nmap version I am using
==========================
[root@tbfpga-host12 root]# nmap -v

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-06 10:39 IST
No target machines/networks specified!
QUITTING!

This is the mac of my interface
========================
[root@tbfpga-host12 root]# ifconfig eth2 | grep HW
eth2 Link encap:Ethernet HWaddr 00:0D:88:FC:ED:E1

This is how I run nmap
[root@tbfpga-host12 root]# nmap -sT -P0 --spoof-mac 00:11:22:33:44:55 11.10.5.1 -p 23 -e eth2

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-06 11:03 IST
Spoofing MAC address 00:11:22:33:44:55 (Cimsys)
Interesting ports on 11.10.5.1:
PORT STATE SERVICE
23/tcp open telnet

Nmap finished: 1 IP address (1 host up) scanned in 0.480 seconds

This is what I see on the interface
[root@tbfpga-host12 root]# tethereal -i eth2 -x
tethereal: Symbol `pcap_version' has different size in shared object, consider re-linking
Capturing on eth2
0.000000 50.1.4.2 -> 11.10.5.1 TCP 44963 > telnet [SYN] Seq=4243116890 Ack=0 Win=5840 Len=0

0000 00 08 a1 7e 51 d6 00 0d 88 fc ed e1 08 00 45 00 ...~Q.........E.
0010 00 3c 8b 70 40 00 40 06 69 3e 32 01 04 02 0b 0a .<.p@.@.i>2.....
0020 05 01 af a3 00 17 fc e8 d3 5a 00 00 00 00 a0 02 .........Z......
0030 16 d0 11 74 00 00 02 04 05 b4 04 02 08 0a 01 8d ...t............
0040 58 2a 00 00 00 00 01 03 03 00 X*........

0.000516 11.10.5.1 -> 50.1.4.2 TCP telnet > 44963 [SYN, ACK] Seq=600908178 Ack=4243116891 Win=5792 Len=0

0000 00 0d 88 fc ed e1 00 08 a1 7e 51 d6 08 00 45 00 .........~Q...E.
0010 00 3c 00 00 40 00 40 06 f4 ae 0b 0a 05 01 32 01 .<..@.@.......2.
0020 04 02 00 17 af a3 23 d1 21 92 fc e8 d3 5b a0 12 ......#.!....[..
0030 16 a0 04 a4 00 00 02 04 05 b4 04 02 08 0a 1c ce ................
0040 aa bd 01 8d 58 2a 01 03 03 00 ....X*....

0.000536 50.1.4.2 -> 11.10.5.1 TCP 44963 > telnet [ACK] Seq=4243116891 Ack=600908179 Win=5840 Len=0

0000 00 08 a1 7e 51 d6 00 0d 88 fc ed e1 08 00 45 00 ...~Q.........E.
0010 00 34 8b 71 40 00 40 06 69 45 32 01 04 02 0b 0a .4.q@.@.iE2.....
0020 05 01 af a3 00 17 fc e8 d3 5b 23 d1 21 93 80 10 .........[#.!...
0030 16 d0 33 39 00 00 01 01 08 0a 01 8d 58 2a 1c ce ..39........X*..
0040 aa bd ..

0.003644 50.1.4.2 -> 11.10.5.1 TCP 44963 > telnet [RST, ACK] Seq=4243116891 Ack=600908179 Win=5840 Len=0

0000 00 08 a1 7e 51 d6 00 0d 88 fc ed e1 08 00 45 00 ...~Q.........E.
0010 00 34 8b 72 40 00 40 06 69 44 32 01 04 02 0b 0a .4.r@.@.iD2.....
0020 05 01 af a3 00 17 fc e8 d3 5b 23 d1 21 93 80 14 .........[#.!...
0030 16 d0 33 34 00 00 01 01 08 0a 01 8d 58 2b 1c ce ..34........X+..
0040 aa bd ..

The problem
==========
Nmap says that it is spoofing the MAC address but the packets I see on the interface have the original MAC and not the one that I had requested Nmap to spoof.

What could be the problem? Am I missing something? Please help.

Some more info
[root@tbfpga-host12 root]# uname -a
Linux tbfpga-host12 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux

Thanks,
Amit Khanna

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
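
A mechanical version of the check made by eye in the message above, as an added example that is not part of the original post or of Nmap: it reads the Ethernet header from each `0000` row of `tethereal -x` style output and reports whether the host's frames carry the requested MAC or the interface's own. The function names are hypothetical; the sample rows are copied from the capture in the post.

```python
import re

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")

# First two frames of the capture in the post (SYN out, SYN/ACK back),
# trimmed to the rows needed here.
CAPTURE = """\
0.000000 50.1.4.2 -> 11.10.5.1 TCP 44963 > telnet [SYN] Seq=4243116890 Ack=0 Win=5840 Len=0
0000 00 08 a1 7e 51 d6 00 0d 88 fc ed e1 08 00 45 00 ...~Q.........E.
0010 00 3c 8b 70 40 00 40 06 69 3e 32 01 04 02 0b 0a .<.p@.@.i>2.....
0.000516 11.10.5.1 -> 50.1.4.2 TCP telnet > 44963 [SYN, ACK] Seq=600908178 Ack=4243116891 Win=5792 Len=0
0000 00 0d 88 fc ed e1 00 08 a1 7e 51 d6 08 00 45 00 .........~Q...E.
"""


def ethernet_headers(dump):
    """Yield (dst_mac, src_mac, ethertype) for each frame in `-x` style text."""
    for line in dump.splitlines():
        tok = line.split()
        # The 14-byte Ethernet header always sits at the start of row 0000.
        if len(tok) < 15 or tok[0] != "0000":
            continue
        raw = tok[1:15]
        if not all(HEX_BYTE.fullmatch(t) for t in raw):
            continue
        b = [t.lower() for t in raw]
        yield ":".join(b[:6]), ":".join(b[6:12]), "".join(b[12:14])


def audit_spoof(dump, requested, interface_mac):
    """Return one (direction, mac_on_wire, verdict) tuple per captured frame."""
    ours = {requested.lower(): "spoofed", interface_mac.lower(): "real"}
    findings = []
    for dst, src, _ethertype in ethernet_headers(dump):
        if src in ours:        # frame left this host
            findings.append(("sent", src, ours[src]))
        elif dst in ours:      # frame addressed to this host
            findings.append(("received", dst, ours[dst]))
        else:
            findings.append(("other", src, "unrelated"))
    return findings


if __name__ == "__main__":
    for row in audit_spoof(CAPTURE, "00:11:22:33:44:55", "00:0D:88:FC:ED:E1"):
        print(row)
```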