Nmap Development mailing list archives
RE: ARP scanning bug in nmap?
From: Mike C <check () imjc com>
Date: Mon, 20 Mar 2006 18:01:41 -0000
Nmap (or anything else) can't scan an Ethernet device unless it gets an ARP reply - without the ARP reply - it wouldn't know the MAC address to send anything to - an ARP reply is a pre-requisite to any sort of (non-broadcast) IP communication.

Doesn't explain how come Nessus worked though....

You probably need to supply more information to get an answer - like OS you were scanning from, exact nmap options used, ideally listings of the ARP table and maybe a packet trace....

Regards,
Mike

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of RaMatkal
Sent: 20 March 2006 09:18
To: nmap-dev () insecure org
Subject: ARP scanning bug in nmap?

Firstly, great work on nmap!!

I was performing a pen-test on a client's network a few days ago and was having a few problems with nmap 4.00..... I was sitting on the same subnet as a wireless device I was trying to scan.... wireless IP was something like 10.51.20.20/16 and my IP was 10.51.25.25/16, though I was not attached to the wireless network....

I could ping the wireless device with no problems, but when I tried to scan the device with the usual nmap -sS -vv -O it came back with an error saying no ARP replies were found...

I think I read somewhere that the new version of nmap first does an ARP scan if the device you want to scan sits on the same local network (which I was).... but for some reason nmap was not recognising the ARP responses..... (I wonder if this has to do with the fact that I was on the same subnet as the wireless device but I was not attached to the wireless network... i.e. maybe only the access point replies to the ARP requests when it is attached to a switch and not the wireless devices communicating through it...)

Anyways, I tried using the -P0 to turn off the Ping and ARP scan but nmap still could not scan the device and said an ARP response was not returned from the device....

In short, I tried several methods to scan the device but all failed with the same error... However, when I scanned the device with Nessus I had no problems.... several open ports were found...

Is there a way to switch off the ARP scan like you can switch off the ping scan with -P0?

Thanks very much... sorry for the long email, and great work again!

RaMatkal

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
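The reply above asks for an ARP table listing. The sketch below is an added example, not part of the original thread or of nmap: it decides whether a target is on-link (so its own MAC must be resolved by ARP) and whether the neighbor table holds a usable entry for the next hop. It assumes Linux `ip neigh show` output; the table contents, the gateway 10.51.0.1 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Linux `ip neigh show` output (not from the thread).
SAMPLE_NEIGH = """\
10.51.0.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
10.51.20.20 dev eth0  FAILED
10.51.30.30 dev eth0 lladdr 00:00:5e:00:53:30 STALE
"""

# Neighbor states in which no MAC address is available for unicast frames.
UNRESOLVED = {"FAILED", "INCOMPLETE"}

def parse_neigh(text):
    """Map IP -> (mac or None, state) from `ip neigh show` lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        mac = None
        if "lladdr" in fields and fields.index("lladdr") + 1 < len(fields):
            mac = fields[fields.index("lladdr") + 1]
        table[ipaddress.ip_address(fields[0])] = (mac, fields[-1])
    return table

def next_hop(local_if, target, gateway):
    """On-link targets are ARPed for directly; others go via the gateway."""
    iface = ipaddress.ip_interface(local_if)
    target = ipaddress.ip_address(target)
    return target if target in iface.network else ipaddress.ip_address(gateway)

def diagnose(local_if, target, gateway, neigh_text):
    """Report which address needs ARP resolution and whether it is resolved."""
    hop = next_hop(local_if, target, gateway)
    mac, state = parse_neigh(neigh_text).get(hop, (None, "NO ENTRY"))
    return {
        "arp_for": str(hop),
        "on_link": hop == ipaddress.ip_address(target),
        "mac": mac,
        "state": state,
        "can_send_unicast": mac is not None and state not in UNRESOLVED,
    }

if __name__ == "__main__":
    # Addresses from the thread; the gateway 10.51.0.1 is an assumption.
    print(diagnose("10.51.25.25/16", "10.51.20.20", "10.51.0.1", SAMPLE_NEIGH))
    print(diagnose("10.51.25.25/16", "192.0.2.10", "10.51.0.1", SAMPLE_NEIGH))
```

With a /16 mask both addresses from the thread fall in 10.51.0.0/16, so the scanner must resolve the target's own MAC rather than a gateway's.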