Nmap Development mailing list archives
Re: Need help for nmap scan
From: magnus () linuxtag org (Nils Magnus)
Date: Thu, 20 Apr 2006 22:36:09 +0200
Re, On Thu, Apr 20, 2006 at 11:13:23AM -0400, kx wrote:
Andreas is right, especially if you are scanning from outside the targets LAN.
Well with some heuristics regarding the actual active IP addresses you _might_ _guess_ if an address is assigned by DHCP, but that has not much to do with nmap.
If you are inside the targets LAN, sniff for DHCP traffic, and perform traffic analysis. As far as using nmap, both the ARP ping (vendor code), and OS detection can help identify what routers are on the LAN, which is likely to be the default gateway. If you are outside the target LAN, at best, you may be able to tell if the target is behind a NAT with nmap, but it depends.
At least you can (under some, or even most circumstances) figure out the gateway the segment uses to route traffic to _your_ location (which is in many situations just the single default gateway): Send probes to all IPs in the target network and watch the TTL field of the response packets. One might have a smaller count, this is a candidate for the gateway (because it's topologically closer to you). These techniques rely on a certain amount of heuristics and experience and are not acurate in all cases. However, they emphasize my wish of inclusion of more traceroute features in upcoming releases, as I already stated in the nmap-survey :) Regards, Nils Magnus Program-Chair LinuxTag 2006 Free Conference Program LinuxTag 2006: Where .com meets .org - magnus () linuxtag org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Need help for nmap scan uday kumar kunta (Apr 20)
- Re: Need help for nmap scan Andreas Ericsson (Apr 20)
- Re: Need help for nmap scan kx (Apr 20)
- Re: Need help for nmap scan Nils Magnus (Apr 20)
- Re: Need help for nmap scan kx (Apr 20)
- Re: Need help for nmap scan Andreas Ericsson (Apr 20)