Nmap Development mailing list archives
Re: ARP scanning and VMware
From: David Fifield <david () bamsoftware com>
Date: Fri, 7 Oct 2011 15:27:40 -0700
On Fri, Jul 29, 2011 at 01:24:05PM +0100, Paul Johnston wrote:
Hi, I've been doing ARP scanning using nmap from a VMware guest (Backtrack 4.2) using bridged networking. I've noticed that the VMware host machine doesn't appear in the scan results. In fact, looking closer, the host doesn't respond to the ARP requests at all - even ones generated by the guest's kernel. It seems the only way to guest ever knows the hosts address is receiving ARP queries inbound. I presume this is due to the VMware virtual switch not forwarding broadcast frames quite right. It may be worth mentioning this in the documentation somewhere as a potential gotcha. I also wondered how the scan detects local addresses - it doesn't generate an ARP request for these. Is it looking at the output of ifconfig?
Nmap compares the address against the local interface table. It doesn't look at ifconfig but uses one of a variety of platform-specific methods to get teh interface table. See route_dst_generic in libnetutil/netutil.cc. /* First check if dst is one of the localhost's own addresses. We need to use a localhost device for these. */ David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: ARP scanning and VMware David Fifield (Oct 07)