Nmap Development mailing list archives
ARP scan on Mac OS, only the gateway MAC is shown
From: Giuliano <giuliano () 108 bz>
Date: Wed, 24 Aug 2011 11:36:01 +0100
Hi Guys,

I'm on Mac OS (Lion 10.7.1), trying to get a list of live MAC addresses on the connected network segment... nmap is being run as root, across wireless.

When I probe the default gateway, everything looks fine:

# ./nmap-5.51/nmap -e en1 --send-eth -sP -PR 10.0.0.1
Host is up (0.0017s latency).
MAC Address: 00:64:DE:AD:BE:EF (Cisco Systems)

When I try to do the same on another host:

# ./nmap-5.51/nmap -e en1 --send-eth -sP -PR 10.0.0.234
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Turning on verbose/debug reveals that nmap isn't even attempting to do ARP, as if host .234 was on another ethernet segment. But --iflist shows:

************************INTERFACES************************
DEV  (SHORT)  IP/MASK       TYPE      UP  MTU    MAC
lo0  (lo0)    127.0.0.1/8   loopback  up  16384
en1  (en1)    10.0.0.36/24  ethernet  up  1500   xx:xx:xx:xx:xx:xx

**************************ROUTES**************************
[..a bunch of routes..]
127.0.0.0/8  lo0  127.0.0.1
0.0.0.0/0    en1  10.0.0.1

If I change the -PR to -PE, the host reports as UP but I'm still seeing no ARP going on... A single ICMP packet is sent to the default gateway, using the gateway's MAC. A response is received, with the target host's MAC as source.

I tried different nmap versions, with/without the builtin libcap, as root or as a normal user, etc. Needless to say, on Linux I've got no issues whatsoever.

How could nmap possibly get confused about what networks are connected?

thanks,
--
Giuliano
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- ARP scan on Mac OS, only the gateway MAC is shown Giuliano (Aug 24)
- Re: ARP scan on Mac OS, only the gateway MAC is shown David Fifield (Sep 24)