Nmap Development mailing list archives

Re: display local mac address in scan results


From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 01 Jun 2007 12:04:09 -0500

Toni Ruottu wrote:
  Hi

This is a feature request for a small user interaction improvement that
hopefully won't require a lot of coding. I posted earlier about the same
subject, but wasn't a list member at the time, so couldn't take part in
discussion. So here we go again. This time with a use case.


  Joe works as a network administrator in a small company. He uses nmap
  every now and then to map the company network. He is not familiar with
  the most advanced features, but knows how to use the most basic scan
  types, declaring port ranges as well as ip address ranges. He is also
  aware of the man-page and reads it when he encounters difficulties.

  Joe is currently documenting the network and needs to find out mac
  addresses of hosts currently present. Joe also needs to add network
  interface card manufacturers into the documentation. The manufacturer
  information is used in the company as a reference when discussing
  network interface card drivers or buying new cards.

  It is Friday afternoon and Joe has made an agreement to drink a
  few beers with his friend Peter once he is done with writing the
  documentation. Peter isn't working on Fridays so he is ready to go
  once Joe is done with his work. Joe is supposed to call him once he
  completes. Joe opens a terminal on his Ubuntu pc and executes...

joe@joespc:~$ sudo nmap -sP 192.168.1.0/24

Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-05-19 15:11 EEST
Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:33:B4:E8 (Cisco-Linksys)
Host 192.168.1.101 appears to be up.
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.848 seconds

  (In a real situation there would of course be more than two hosts ;-)

  Joe reads the results and notices that mac address of the local
  network interface was not included in the scanning results. He
  remembers that nmap is able to list local interfaces along with
  their type. Joe looks at the nmap man page and finds the --iflist
  option.

  Joe now executes...

joe@joespc:~$ sudo nmap --iflist | grep ethernet
eth0 (eth0)  192.168.1.101/24 ethernet up 00:02:B3:33:12:6B

  Joe now has all the mac addresses, but he is still missing the
  manufacturer. Joe searches a list of mac address ranges on the
  Internet. In the list he can find name of the manufacturer of
  his card. Joe writes the documentation and leaves to drink beer
  with Peter.


It would spare Joe some time, if nmap displayed the local network
interface card mac address and manufacturer information during a
scan in a similar fashion as it does with the remote hosts. Iflist
could of course also list the manufacturer, but I personally
consider this less important.


  --Toni


Hi Toni!

I attached a patch to add vendor information to --iflist.

I know that's not exactly what you wanted, but AFAIK the reason the MAC
address isn't written for the local interface during a scan is because
it's actually done through loopback, so there's no real MAC info to
print.  Somebody correct me if I'm wrong!  And if you use -sP (like in
your example) on localhost, no packets are actually sent anyway because
..well ..we know it's up.

Maybe it should only be printed if -v is used (or something) because it
makes the line a bit longer, and kinda throws off the table (although
it's not the only thing that could cause that).  I don't know, I guess we'll see.

Let me know if you like the patch, and if it works for you, and I'll see
about committing it to the soc07 branch (and it can probably go to /nmap
pretty soon after since it's small and simple).


Thanks,
Kris Katterjohn
Index: output.cc
===================================================================
--- output.cc   (revision 4813)
+++ output.cc   (working copy)
@@ -306,8 +306,9 @@
       Tbl->addItemFormatted(i+1, shortdevcol, false, "(%s)", iflist[i].devname);
       Tbl->addItemFormatted(i+1, ipcol, false, "%s/%d", inet_ntop_ez(&(iflist[i].addr), sizeof(iflist[i].addr)), 
iflist[i].netmask_bits);
       if (iflist[i].device_type == devt_ethernet) {
+       const char *vendor = MACPrefix2Corp(iflist[i].mac);
        Tbl->addItem(i+1, typecol, false, "ethernet");
-       Tbl->addItemFormatted(i+1, maccol, false, "%02X:%02X:%02X:%02X:%02X:%02X",  iflist[i].mac[0], iflist[i].mac[1], 
iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5]);        
+       Tbl->addItemFormatted(i+1, maccol, false, "%02X:%02X:%02X:%02X:%02X:%02X (%s)",  iflist[i].mac[0], 
iflist[i].mac[1], iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5], vendor ? vendor : "Unknown");
       }
       else if (iflist[i].device_type == devt_loopback)
        Tbl->addItem(i+1, typecol, false, "loopback");
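
Review bot: in the ethernet branch the vendor is formatted into the same maccol cell as the address ("%02X:...:%02X (%s)"), so that column stops being a fixed-width MAC, and anything that reads the MAC as the last field of an --iflist row now gets the vendor text as well. Consider adding the vendor through its own Tbl->addItem call in a separate column, or only when verbose as the message itself suggests, which would leave the existing MAC format string untouched. The vendor ? vendor : "Unknown" guard on the MACPrefix2Corp() result should stay either way.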

Attachment: signature.asc
Description: OpenPGP digital signature


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
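
Added example (not part of the original messages and not Nmap code): the manual workflow from the use case, merging the `-sP` output with the `--iflist` line and resolving each MAC's vendor from its first three octets, with the same "Unknown" fallback the patch uses. The prefix table is constructed in the hex-prefix-then-vendor layout of Nmap's nmap-mac-prefixes file, and all function names are hypothetical.

```python
import re

# Constructed prefix table in "HEXPREFIX Vendor" layout; its one entry is the
# prefix/vendor pair visible in the scan output quoted in the thread.
PREFIXES = "001839 Cisco-Linksys\n"

# Output lines copied from the thread.
SCAN = """Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:33:B4:E8 (Cisco-Linksys)
Host 192.168.1.101 appears to be up.
"""
IFLIST = "eth0 (eth0)  192.168.1.101/24 ethernet up 00:02:B3:33:12:6B\n"

MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"

def load_prefixes(text):
    """Parse 'HEXPREFIX Vendor name' lines, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            prefix, _, vendor = line.partition(" ")
            table[prefix.upper()] = vendor.strip()
    return table

def vendor_for(mac, table):
    """Look up the first three octets (the OUI); 'Unknown' if unlisted."""
    return table.get(mac.replace(":", "").upper()[:6], "Unknown")

def inventory(scan, iflist, table):
    """Map each host that is up to (mac, vendor), filling local MACs from --iflist."""
    macs, current = {}, None
    for line in scan.splitlines():
        host = re.match(r"Host (\S+) appears to be up", line)
        mac = re.match(r"MAC Address: " + MAC, line)
        if host:
            current = host.group(1)
            macs[current] = None
        elif mac and current:
            macs[current] = mac.group(1)
    for line in iflist.splitlines():
        m = re.match(r"\S+ \(\S+\)\s+(\S+)/\d+\s+ethernet\s+\S+\s+" + MAC, line)
        # Only hosts the scan reported without a MAC are filled in here.
        if m and m.group(1) in macs and macs[m.group(1)] is None:
            macs[m.group(1)] = m.group(2)
    return {ip: (mac, vendor_for(mac, table) if mac else None)
            for ip, mac in macs.items()}

if __name__ == "__main__":
    for ip, (mac, vendor) in inventory(SCAN, IFLIST, load_prefixes(PREFIXES)).items():
        print(ip, mac, vendor)
```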
