Nmap Announce mailing list archives

Re: mac addr lookups?


From: Terje Elde <delta () mail-me com>
Date: Wed, 17 Feb 1999 08:47:49 +0100 (CET)

On Tue, 16 Feb 1999, Fyodor wrote:

> This is not actually my reason for disapproval.  The reason I don't plan
> on adding this it is that it only works in the very specific case
> where:
>
> 1) You are using ethernet
> 2) Your target is using ethernet
> 3) You are on the *same* ethernet segment
>
> This might seem like a tiny bit of the network, but when you think of it,
> my guess is that the local network is the most scanned network there is.
> EVERYBODY scans the local network, even if just to test nmap :)
>
> I don't think it is worth the code bloat or confusion to add such a
> special-case feature.  Plus you should generally be able to do an
> 'arp -a' after the scan and see what hardware address the target
> (or several targets) are using.

This is true, but it doesn't offer anything even remotely close to what
nmap could do. I've seen your coding, and when you do something, you do it
the way it should be :)

> As further clarification, here is (the relevant parts of) the mail
> I sent to //Stany in December:
>
>   That is a good idea.  I've considered adding that feature a while
>   back, but thing is (as you mentioned) it will only work for
>   machines on people's local ethernet.  And in most cases people
>   already know what other machines on their network are running.
>   Also nowadays just because it is a SUN or Macintosh does not mean
>   it runs Solaris or MacOS.  Even an HP or Amiga box could be running
>   NetBSD, OpenBSD, etc.
>
>   It is also really easy to change the MAC address on some operating
>   systems.  On Linux you can do 'ifconfig eth0 hw 08:00:20:74:31:2A'
>   and look like a Sun.  However this isn't a big problem;  almost
>   everything nmap tests for could be spoofed.

YES; it's easy to change, but that's also half the point here.

Anyways, thanks to Nathan Catlow who pointed out the stuff that I was
either too tired or too stupid to think of (hope it was the first one).

To sum up my view of the thing:

There ARE lots of advantages to this.
True, it can be spoofed, but in the end all a scanner can do is scan and
report to the user, who then draws his conclusions. I for one would love
some more input without having to hammer it out of my old tools, which aren't
doing a good job at this.

Friendly greetings,
Terje Elde

-------------
NOTE:
My mail has been thrown from one system to another lately,
so I might not have replied to all mails; if not, please let me know.
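Added example, not part of this thread or of nmap: the "do an 'arp -a' after the scan" approach discussed above, written as a small Python script. It parses constructed Linux-style `arp -a` lines, maps the first three octets (the OUI) to a vendor using a tiny embedded table (the 08:00:20 / Sun prefix is the one mentioned in the thread; the other prefixes are well-known historical assignments), skips `<incomplete>` entries, and flags addresses with the locally-administered bit set, for which a vendor lookup is meaningless. Host names, IPs and the table contents are assumptions made for the example; the vendor hint is exactly that, a hint, for the reason given in the thread: the address can be changed.

```python
import re
from typing import Dict, List, Optional

# Tiny OUI (first three octets) -> vendor table, embedded so the script runs
# offline. A real tool would load the full IEEE OUI registry.
OUI_VENDORS: Dict[str, str] = {
    "08:00:20": "Sun Microsystems",   # the prefix mentioned in the thread
    "08:00:09": "Hewlett-Packard",
    "00:00:0C": "Cisco Systems",
    "08:00:07": "Apple",
}

# Constructed sample of Linux 'arp -a' output; hosts and IPs are made up.
SAMPLE_ARP_OUTPUT = """\
gateway (192.168.1.1) at 00:00:0c:12:34:56 [ether] on eth0
sunbox (192.168.1.20) at 08:00:20:74:31:2a [ether] on eth0
? (192.168.1.77) at 02:ab:cd:ef:01:23 [ether] on eth0
dead (192.168.1.99) at <incomplete> on eth0
"""

# hostname (ip) at mac ...   where mac is six hex octets or '<incomplete>'
ARP_LINE = re.compile(
    r"^(?P<host>\S+)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}|<incomplete>)"
)


def oui_of(mac: str) -> str:
    """Return the vendor prefix (first three octets) in upper case."""
    return mac.upper()[:8]


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means the address was assigned locally
    (by an administrator or software), not burned in by the vendor."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def vendor_hint(mac: str) -> Optional[str]:
    """Best-effort vendor guess; None when unknown or when the OUI cannot be
    trusted because the address is locally administered."""
    if is_locally_administered(mac):
        return None
    return OUI_VENDORS.get(oui_of(mac))


def parse_arp_table(text: str) -> List[Dict[str, object]]:
    """Turn 'arp -a' output into a list of resolved neighbours with hints."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue
        mac = m.group("mac")
        if mac == "<incomplete>":
            continue  # no ARP reply was received; nothing to look up
        entries.append({
            "host": m.group("host"),
            "ip": m.group("ip"),
            "mac": mac.lower(),
            "locally_administered": is_locally_administered(mac),
            "vendor": vendor_hint(mac),
        })
    return entries


if __name__ == "__main__":
    for e in parse_arp_table(SAMPLE_ARP_OUTPUT):
        flag = " (locally administered, vendor unknowable)" if e["locally_administered"] else ""
        print(f'{e["ip"]:15} {e["mac"]}  {e["vendor"] or "unknown vendor"}{flag}')
```

Only hosts on the same segment ever appear in the ARP cache, which is the limitation raised in the thread; everything beyond the local router shows up as the router's address.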


