Nmap Development mailing list archives
Re: 2 ideas for NMAP, 1 open question
From: Lamont Granquist <lamont () scriptkiddie org>
Date: Fri, 24 May 2002 01:14:17 -0700 (PDT)
On Fri, 24 May 2002, Fyodor wrote:
> > ARP scan. I've noticed that this is what happens anyways when you do a TCP or ICMP scan on your local network (just think about it for a second). You could just cut to the chase and do this directly. Ideally do it massively
>
> Hi Lamont! I agree. This is certainly on my (very long) list, but perhaps someone will beat me to the chase :). I have traditionally avoided ethernet-specific stuff, but am slowly changing my mind as it becomes more and more prevalent among home end users.
Like I said, I think ethernet specific features make sense as long as you don't break anything in the process. Ideally you'd write it so that while it was ethernet specific it wouldn't be that difficult to extend it to other link-layers as well. I'd view it just as extending the features of NMAP for its largest "market segment" first -- rather than viewing it as hard-coding in dependencies on ethernet.
> > broken). Libnet might make ARP scanning a lot easier to implement, and I think the link-layer output could be useful in other circumstances to play with.
>
> Libnet is nice, although I have lately been playing with Dug Song's Libdnet ( http://libdnet.sourceforge.net/ ) and have been quite impressed.
Yeah, I might have gotten a bit too specific by mentioning libnet. And if both libnet and libdnet didn't work out, rolling an NMAP-specific (but generally reusable) packet output layer would work too.
> > IPv6
> > Anyone got any ideas for how to ping sweep an entire 64-bit address space, corresponding to one network? IPv6 seems to pose some interesting challenges.
>
> Yes it does. The good news is that this is being worked on :). Not by me though. A Belgian graduate student named Sébastien Peterson (seb.peterson () easynet be) is working on this for his thesis. Apparently he has some scans working already. I certainly would be interested in integrating that into core Nmap.
Could you use the list of allocated EUI-48's (aka MAC addys) to scan for machines? Program a scanner to go through all eepro100 MACs in a subnet? You've got to get that 64-bit address space cut down somehow (and the whole 128-bit address space is a really nasty problem, just getting a counter to increment completely through 128-bits takes an enormous amount of computing power...)

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
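Fyodor's point that a TCP or ICMP scan of the local subnet is an ARP sweep on the wire cuts both ways: the scanner has to ARP-request every target before it can send anything else, so the burst of "who-has" frames is the artefact a defender can watch for. The following is an added example, not code from this thread or from Nmap, showing that artefact in a constructed capture: it builds raw Ethernet/ARP request frames, parses them back, and flags any sender that asks for an unusually large number of distinct IPs inside a short window. The MACs, IPs, threshold and window are all assumptions chosen for the example.

```python
"""Detect an ARP sweep in a list of (timestamp, raw Ethernet frame) pairs.

Added example for the nmap-dev thread; not Nmap code. All frames below are
constructed inline so the script runs offline.
"""
import ipaddress
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
ARP_FRAME_LEN = 14 + 28  # Ethernet II header + ARP body for Ethernet/IPv4


def build_arp_request(src_mac: bytes, src_ip: bytes, target_ip: bytes) -> bytes:
    """Construct an Ethernet II frame carrying an ARP who-has request."""
    broadcast = b"\xff" * 6
    eth = broadcast + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, op=1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += src_mac + src_ip + b"\x00" * 6 + target_ip
    return eth + arp


def parse_arp_request(frame: bytes):
    """Return (sender_mac, target_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < ARP_FRAME_LEN:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    sender_mac = frame[22:28]  # sender hardware address
    target_ip = frame[38:42]   # target protocol address
    return sender_mac, target_ip


def detect_arp_sweeps(frames, threshold=16, window=5.0):
    """Map sender MAC -> max number of distinct targets requested within `window` seconds.

    Only senders reaching `threshold` distinct targets are returned. Threshold
    and window are assumptions; tune them to the subnet's normal ARP churn.
    """
    per_sender = defaultdict(list)  # mac -> [(timestamp, target_ip)]
    for ts, frame in frames:
        parsed = parse_arp_request(frame)
        if parsed:
            mac, ip = parsed
            per_sender[mac].append((ts, ip))
    flagged = {}
    for mac, events in per_sender.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # slide the window start forward until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {ip for _, ip in events[start:end + 1]}
            best = max(best, len(distinct))
        if best >= threshold:
            flagged[mac.hex(":")] = best
    return flagged


def sample_capture():
    """Constructed capture: one host sweeping 192.168.1.0/24, one host behaving normally."""
    sweeper = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    normal = bytes.fromhex("020000000002")
    sweeper_ip = ipaddress.ip_address("192.168.1.77").packed
    normal_ip = ipaddress.ip_address("192.168.1.20").packed
    frames = []
    for i in range(1, 255):  # 254 targets in about 1.3 seconds
        target = ipaddress.ip_address(f"192.168.1.{i}").packed
        frames.append((10.0 + i * 0.005, build_arp_request(sweeper, sweeper_ip, target)))
    for n, last in enumerate((1, 5, 9)):  # three lookups spread over a minute
        target = ipaddress.ip_address(f"192.168.1.{last}").packed
        frames.append((20.0 * n, build_arp_request(normal, normal_ip, target)))
    return frames


if __name__ == "__main__":
    for mac, count in detect_arp_sweeps(sample_capture()).items():
        print(f"{mac} requested {count} distinct IPs within one window")
```

The same logic applies to a real capture once the frames come from libpcap instead of `sample_capture()`; the point is that the detection key is the ARP request burst, not the TCP or ICMP traffic that follows it, because those later probes only ever go to hosts that answered the ARP.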
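The IPv6 question above is really an arithmetic one: a /64 holds 2^64 interface identifiers, and the only way the EUI-48 idea cuts that down is for hosts whose identifier is derived from the MAC by modified EUI-64 (RFC 4291), where the 24-bit vendor OUI is fixed and only the low 24 bits vary. This added example, not code from the thread or from Nmap, works through that reasoning: it derives a SLAAC address from a MAC, sizes the candidate space per OUI against the full /64, and recognises addresses that carry an embedded MAC so an administrator can audit which hosts are exposing it. The prefix, MAC and probe rate are constructed values.

```python
"""Modified EUI-64 arithmetic for the 'sweep a /64' question.

Added example for the nmap-dev thread; not Nmap code. Sample prefix and
MAC are constructed; the probe rate is an assumption.
"""
import ipaddress

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def mac_to_modified_eui64(mac: str) -> bytes:
    """RFC 4291 modified EUI-64: flip the U/L bit, insert ff:fe after the OUI."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    first = octets[0] ^ 0x02  # bit 7 of the first octet is universal/local
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would autoconfigure on `prefix` from `mac` (no privacy extensions)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers assume a /64")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def looks_like_eui64(addr: ipaddress.IPv6Address) -> bool:
    """True if the IID has ff:fe in the middle and the U/L bit set (a MAC-derived IID)."""
    iid = int(addr) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE and (iid >> 57) & 1 == 1


def recover_mac(addr: ipaddress.IPv6Address) -> str:
    """Undo modified EUI-64 to show what such an address leaks; raises if not EUI-64."""
    if not looks_like_eui64(addr):
        raise ValueError("interface identifier is not modified EUI-64")
    iid = (int(addr) & ((1 << 64) - 1)).to_bytes(8, "big")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return octets.hex(":")


def candidate_space(oui_count: int) -> dict:
    """Compare the full /64 IID space with the EUI-64 candidates for `oui_count` vendor OUIs."""
    full = 2 ** 64
    per_oui = 2 ** 24          # only the low 24 bits of the MAC vary within one OUI
    reduced = oui_count * per_oui
    return {
        "full_iid_space": full,
        "eui64_candidates": reduced,
        "reduction_factor": full // reduced,
    }


def sweep_years(address_count: int, probes_per_second: float) -> float:
    """Wall-clock years needed to probe every address once at a fixed rate."""
    return address_count / probes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    addr = slaac_address("2001:db8:1::/64", "00:03:47:12:34:56")
    print("SLAAC address:", addr)
    print("embedded MAC:", recover_mac(addr))
    space = candidate_space(oui_count=1)
    print("full /64 at 1M probes/s: %.0f years" % sweep_years(space["full_iid_space"], 1e6))
    print("one OUI at 1M probes/s: %.1f seconds" % (space["eui64_candidates"] / 1e6))
```

The numbers explain why the OUI approach was attractive in 2002 and why it is a weak bet today: brute-forcing the full /64 at a million probes a second takes on the order of half a million years, while one OUI's 2^24 candidates take seconds, but that shortcut only works against hosts that still embed their MAC. RFC 4941 privacy extensions and RFC 7217 stable opaque identifiers remove the embedded MAC, which is exactly what `looks_like_eui64` lets you check for on your own network.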
Current thread:
- 2 ideas for NMAP, 1 open question Fyodor (May 24)
- Re: 2 ideas for NMAP, 1 open question Lamont Granquist (May 24)
- Re: 2 ideas for NMAP, 1 open question Fyodor (May 24)
- Re: 2 ideas for NMAP, 1 open question Lamont Granquist (May 24)
- Re: 2 ideas for NMAP, 1 open question Andy Lutomirski (May 24)
- <Possible follow-ups>
- RE: 2 ideas for NMAP, 1 open question Rouland, Chris (ISSAtlanta) (May 24)
- Re: 2 ideas for NMAP, 1 open question D. (May 25)
- Re: 2 ideas for NMAP, 1 open question William McVey (May 29)
- Re: 2 ideas for NMAP, 1 open question William McVey (May 30)
- Re: 2 ideas for NMAP, 1 open question Peter Thoenen (May 30)
- Re: 2 ideas for NMAP, 1 open question Andy Lutomirski (May 30)