Nmap Development mailing list archives
[nping] Bug/confusing functionality of --send-eth and missing IP route
From: ValdikSS via dev <dev () nmap org>
Date: Tue, 15 Oct 2019 22:07:08 +0300
Description nping 0.7.70, when used with --send-eth option, would not perform ARP resolution and use ARP-resolved MAC address of destination IP if IP route to the destination IP/network is missing in system routing table AND default route is present. The program's output text does not suggest that it does not perform ARP resolution and tries to send the packet via router, even in --debug mode. Information I have eth0-26042 network interface with 192.168.5.22/24 address only, and default route set: $ ip r default via 192.168.5.1 dev eth0-26042 192.168.5.0/24 dev eth0-26042 proto kernel scope link src 192.168.5.22 This network has 172.16.0.0/16 in the same L2 segment, but there's no route to it. The following nping command with --send-eth option will send ARP requests and successfully resolve MAC address of destination from 172.16.0.0/16, but will not use it to send the packet at all. nping --send-eth --source-ip 172.16.0.100 --dest-ip 172.16.1.1 --udp -c1 --debug … Determining target 172.16.1.1 MAC address or next hop MAC address... > Checking system's ARP cache... > No relevant entries found in system's ARP cache. > Sending ARP request using spoofed IP 172.16.0.100... > No ARP responses received. > Sending ARP request using our real IP 192.168.5.22... > Success: 1 ARP response received [d8:58:d7:4b:4b:0f] +-----------------TARGET-----------------+ Device Name: eth0-26042 Device FullName: eth0-26042 Device Type: Ethernet Directly connected?: no Address family: AF_INET Resolved Hostname: Supplied Hostname: (null) Target Address: 172.16.1.1 Source Address: 192.168.5.22 Spoofed Address: 172.16.0.100 Next Hop Address: 192.168.5.1 *Target MAC Address: 00:00:00:00:00:00* Source MAC Address: a0:a8:cd:7b:7b:96 *Next Hop MAC Address: d8:58:d7:4b:4b:0f* … Despite what the text says "Determining target 172.16.1.1 MAC address or next hop MAC address...", no ARP resolution of destination (172.16.1.1) is performed at all. nping sends only ARP requests to the router default route via (192.168.5.1). d8:58:d7:4b:4b:0f is 192.168.5.1 mac address. Please see the attached files with debug output. Expected result nping, when used with --send-eth, sends ARP request and use resolved MAC address to send RAW Ethernet packet in the same L2 segment. Actual result nping, with used with --send-eth, does not try to perform ARP resolution of the destination and switches to routing mode.
Attachment:
nping_1.txt
Description:
Attachment:
nping_2.txt
Description:
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [nping] Bug/confusing functionality of --send-eth and missing IP route ValdikSS via dev (Oct 15)
- Re: [nping] Bug/confusing functionality of --send-eth and missing IP route ValdikSS via dev (Oct 15)