Nmap Development mailing list archives

Re: [Patch] Fixing the MAC address in Nmap's ARP discovery


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Sat, 31 May 2014 16:35:26 +0530

I guess I should have put "wrong" in quotes. :)

I have committed this in as revision 32920 (after modifying the comment
in scan_engine.cc to make it little more descriptive).

Cheers,
Jay

On Thursday 29 May 2014 03:27 AM, Daniel Miller wrote:
List,

I did some research on this, and I found that, although Linux and
Windows at least do set the target MAC address (ar$tha) to
00-00-00-00-00-00, this is not a necessity of the protocol. RFC 826
(https://tools.ietf.org/html/rfc826) has this to say:

It does not set ar$tha to anything in particular,
because it is this value that it is trying to determine.  It
could set ar$tha to the broadcast address for the hardware (all
ones in the case of the 10Mbit Ethernet) if that makes it
convenient for some aspect of the implementation. 
The target hardware address is included for completeness and
network monitoring.  It has no meaning in the request form, since
it is this number that the machine is requesting.  Its meaning in
the reply form is the address of the machine making the request.
In some implementations (which do not get to look at the 14.byte
ethernet header, for example) this may save some register
shuffling or stack space by sending this field to the hardware
driver as the hardware destination address of the packet.

The Wireshark Wiki on Gratuitous ARP
(http://wiki.wireshark.org/Gratuitous_ARP) notes that Solaris sends
ARP requests with ar$tha set to ff-ff-ff-ff-ff-ff, which is the only
suggested value in the RFC.

In other words, there's no reason Nmap's implementation is "wrong"
(and it has certainly been working fine for years!), but this patch
will make Nmap conform to the way that currently-popular OSs do
things. I've tested it and find no problems, so if there are no
objections, I will ask Jay to commit the change.

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
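To make the ar$tha point concrete, here is an added example (not Nmap code and not part of this thread): a minimal builder and parser for Ethernet/IPv4 ARP requests in which ar$tha is simply a parameter, plus a classifier that treats both the all-zero convention and the all-ones value suggested by RFC 826 as valid in a request. The MAC and IP values are constructed for the example.

```python
import socket
import struct

ETH_P_ARP = 0x0806
NULL_MAC = bytes(6)        # 00-00-00-00-00-00, what Linux and Windows send
BCAST_MAC = b"\xff" * 6    # ff-ff-ff-ff-ff-ff, the value RFC 826 suggests


def mac_bytes(text):
    """'00-11-22-33-44-55' or '00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in text.replace("-", ":").split(":"))


def mac_str(raw):
    return "-".join(f"{b:02x}" for b in raw)


def build_arp_request(sha, spa, tpa, tha=NULL_MAC):
    """Ethernet-framed ARP request; spa/tpa are dotted-quad strings.
    ar$tha carries no meaning in a request, so the caller chooses it."""
    eth = BCAST_MAC + sha + struct.pack("!H", ETH_P_ARP)
    # ar$hrd=1 (Ethernet), ar$pro=0x0800 (IPv4), ar$hln=6, ar$pln=4, ar$op=1
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    hrd, pro, hln, pln, op = struct.unpack("!HHBBH", frame[14:22])
    if (hrd, pro, hln, pln) != (1, 0x0800, 6, 4):
        return None
    a = frame[22:42]
    return {"op": op, "sha": a[0:6], "spa": socket.inet_ntoa(a[6:10]),
            "tha": a[10:16], "tpa": socket.inet_ntoa(a[16:20])}


def classify_tha(tha):
    """A monitor parsing requests should accept either convention."""
    if tha == NULL_MAC:
        return "null"
    if tha == BCAST_MAC:
        return "broadcast"
    return "other"


if __name__ == "__main__":
    for tha in (NULL_MAC, BCAST_MAC):
        f = build_arp_request(mac_bytes("00-11-22-33-44-55"), "192.0.2.1", "192.0.2.2", tha)
        p = parse_arp(f)
        print(f"who-has {p['tpa']} tell {p['spa']}  ar$tha={mac_str(p['tha'])} ({classify_tha(p['tha'])})")
```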