Re: MAC address

[Curtis Doty <Curtis () GreenKey net>]

10:28am Fyodor said:

> I would like to print the MAC address for a host based on the packets
> received.  As Testic mentions this will only work on a LAN.  And of
> course only on Ethernet and similar systems (like 802.11B).  It is
> still valuable enough that I hope to add it this year.  If someone
> wants it desperately enough, you can consider sending a patch earlier
> :).  I might also do a number-of-hops test of some sort both as useful
> information in itself and to determine whether the next hop is the
> actual target and thus corresponds to the received MAC.

To audit LANs, I'm in the habit of firing up Craig Leres' arpwatch and 
using nmap to generate the sweep of ARPs. But directly integrating this 
into nmap would be really handy for ad-hoc MAC collecting.

FYI, recent arpwatch activity after much dormancy:
ftp://ftp.ee.lbl.gov/arpwatch-2.1a13.tar.gz
v2.1 Thu Jan 22 14:05:27 PST 2004
v2.0.2 Sat Jun  7 03:15:03 PDT 1997

If course, there is always this rather lowbrow way on linux:

nmap -sP LAN/MASK ; arp -n |grep -v incomplete

I should point out that collecting MACs across VLANs is a separate puzzle 
to solve and would involve targeting weaknesses in your upstream switch 
fabric.

../C


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org