Nmap Development mailing list archives
Re: -NP ignored when running as root
From: David Fifield <david () bamsoftware com>
Date: Sat, 18 Jul 2009 22:44:30 -0600
On Sat, Jul 18, 2009 at 09:03:23AM -0400, Mike Calmus wrote:
At 12:26 AM +0000 7/17/09, Brandon Enright wrote:

>Hi, please try running again as root, this time with the --send-ip
>option. That will disable the ARP ping. If that works, then there is
>something wrong with the way ARP ping works against Windows 7 and
>possibly Solaris 10.
>
>http://seclists.org/nmap-dev/2009/q1/0176.html
>
>That was caused by Solaris sending back ARP replies to the broadcast
>Ethernet address. If --send-ip works for you, please let us know. If
>you could get a packet capture of the ARP traffic, that would be very
>helpful.
>
>Please let us know, because this is something that can be fixed with
>a little more information.
>
>David Fifield

Using the --send-ip option does seem to work. I won't be able to get a packet capture until later, though. I will forward that along as soon as I can.

Hey Mike, are you by any chance connecting to a wireless AP with client isolation turned on? In addition to a packet capture, the output of "arp -a" after a scan could be moderately useful.

I do have a wireless AP, but client isolation isn't turned on AFAIK. When I run a packet capture in Wireshark, I see two ARP messages like the following sent from my machine:

ff:ff:ff:ff:ff:ff 00:1e:52:83:c6:a6 0x0806 0x0001 0x0800 0x06 0x04 00:01 00:1e:52:83:c6:a6 192.168.1.194 ff:ff:ff:ff:ff:ff 192.168.1.190

I am more interested in seeing the ARP replies from the Windows host. The issue with Solaris 10 is that the replies are broadcast, not sent back to the MAC address of the requesting machine.

http://seclists.org/nmap-dev/2009/q1/0176.html

Can you send me the .pcap file? Also, please capture ARP packets with a --send-ip scan and send that file too.

Another possibility is that Nmap thinks that the host is directly connected because of its address and the interface netmask, but maybe it is not directly connected going through VMware.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
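
One way to check captured frames for the reply pattern discussed in this message (ARP replies sent to the broadcast Ethernet address rather than to the requester's MAC), as an added example that is not part of the original e-mail or of Nmap's code. The request frame uses the field values quoted in the thread; the responder MAC, the two reply frames and all function names are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
ME = bytes.fromhex("001e5283c6a6")    # scanner MAC shown in the thread's capture
PEER = bytes.fromhex("020000000001")  # constructed responder MAC (assumption)
SCANNER_IP, TARGET_IP = (192, 168, 1, 194), (192, 168, 1, 190)  # from the thread

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Build a 42-byte Ethernet II + ARP frame (constructed sample input)."""
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return eth_dst + eth_src + hdr + sha + bytes(spa) + tha + bytes(tpa)

def parse_arp(frame):
    """Return ARP fields for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "eth_dst": frame[0:6], "eth_src": frame[6:12], "op": op,
        "sha": frame[22:28], "spa": ".".join(map(str, frame[28:32])),
        "tha": frame[32:38], "tpa": ".".join(map(str, frame[38:42])),
    }

def classify(frame, my_mac):
    """Label a frame from the point of view of the host that sent the request."""
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    if arp["op"] == 1:
        return "request"
    if arp["op"] != 2:
        return "other-arp"
    if arp["eth_dst"] == BROADCAST:
        return "reply-broadcast"   # the Solaris 10 pattern described above
    return "reply-unicast" if arp["eth_dst"] == my_mac else "reply-other-host"

SAMPLES = [
    build(BROADCAST, ME, 1, ME, SCANNER_IP, BROADCAST, TARGET_IP),  # as in thread
    build(ME, PEER, 2, PEER, TARGET_IP, ME, SCANNER_IP),            # constructed
    build(BROADCAST, PEER, 2, PEER, TARGET_IP, ME, SCANNER_IP),     # constructed
]

if __name__ == "__main__":
    for f in SAMPLES:
        a = parse_arp(f)
        print(classify(f, ME), a["spa"], "->", a["tpa"])
```
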