Re: How to find MAC address

[Andreas Ericsson <ae () op5 se>]

Martin O'Neal wrote:
> There isn't an nmap option to gather a MAC remotely, but your original
> response said:
>
>
> > There is none. As soon as a packet passes a 
> > router the only MAC you're gonna see is the 
> > one of the router. ARP-packets simply cannot 
> > be routed.
>
>
> Which is misleading; ARP isn't the only mechanism.  There are ways of
> gathering the MAC from higher level protocols, and not just proprietary
> extensions either;  MS NetBIOS name service, SNMP, blah blah blah...

For nmap, ARP *is* the only mechanism. The question was "why doesn't 
nmap detect the MAC of this and that host on a different network?" and 
the answers given are totally correct. How is that misleading? Other 
tools can (try to) determine MAC addresses through other means, but nmap 
can't.

FYI, MS NetBIOS is broadcast which also only works on local subnets, 
possibly with the exception that someone may actually be daft enough to 
put a windows box as router (the horror!). Never having tried this, I'm 
not sure if it would report hosts on both networks as beeing in the 
"neighbourhood".

SNMP is not really an option (not necessarily running everywhere, info 
can be spoofed, etc. etc. - same problem as with all other solutions 
based on anything but ARP) and I doubt Fyodor will accept a patch to 
support it. nmap being opensource, you're ofcourse free to write one and 
submit it for inclusion.

-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev