Nmap Development mailing list archives
Re: NMAP and MAC Addresses
From: Fyodor <fyodor () insecure org>
Date: Fri, 23 Jul 2004 12:51:35 -0700
On Fri, Jul 23, 2004 at 02:35:13PM -0500, Alan Jones wrote:
> This is NMAP 3.55 on Windows 2000. I know you can't get a MAC address when crossing routers etc., but it had been my understanding that you could get the MAC address for others.

It is *almost* supported on Windows. Nmap does obtain the MAC address from winpcap (tested on my machine). Then it calls IPisDirectlyConnected() to determine whether the target seems to be on the same LAN. Nmap uses the routing table on UNIX machines to do this, but I don't know how to do so on Windows. Here is the function:

    /* Check whether an IP address appears to be directly connected to an
       interface on the computer (e.g. on the same ethernet network rather
       than having to route).  Returns 1 if yes, -1 if maybe, 0 if not.
       Windows machines always return -1, because nobody has written a
       windows version.  Any volunteers? */
    int IPisDirectlyConnected(struct sockaddr_storage *ss, size_t ss_len) {
    #if WIN32
      return -1;
    #else
      struct interface_info *interfaces;
      int numinterfaces;
      int i;
      struct sockaddr_in *sin = (struct sockaddr_in *) ss;

      if (sin->sin_family != AF_INET)
        fatal("IPisDirectlyConnected passed a non IPv4 address");

      interfaces = getinterfaces(&numinterfaces);

      for(i=0; i < numinterfaces; i++) {
        if ((interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr) ==
            (sin->sin_addr.s_addr & interfaces[i].netmask.s_addr))
          return 1;
      }
      return 0;
    #endif /* !WIN32 */
    }

As you can see, it just returns -1 for Windows. If someone writes a working Windows implementation in that space instead, I would be happy to incorporate it. Any volunteers?

Barring that (preferable) solution, you can find these lines in tcpip.cc:

    if (IPisDirectlyConnected(&ss, sslen) == 1) {
      /* Yay!  This MAC address seems valid */
      target->setMACAddress(linkhdr->header + 6);
      return 0;
    }

Remove the "== 1" from that first line, recompile, and the MAC addresses (including vendor lookup) should work on Windows. But they will ALWAYS be shown -- you will get the first-hop router MAC when scanning routed hosts.

Cheers,
Fyodor
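
Added example, not part of the original post and not Nmap source: a stand-alone C sketch of the same-subnet test and its three return values, showing why a result of -1 fails the posted "== 1" check but passes once that comparison is removed. The struct iface type, the ip4() helper, the zero-netmask guard and the sample addresses are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for Nmap's interface_info; host byte order. */
struct iface { uint32_t addr, netmask; };

static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* 1 = on-link, 0 = routed, -1 = unknown (no interface table, which is
   what the WIN32 branch in the post amounts to). */
static int directly_connected(const struct iface *ifs, size_t n, uint32_t target) {
    if (ifs == NULL) return -1;
    for (size_t i = 0; i < n; i++) {
        if (ifs[i].netmask == 0) continue; /* added guard: a /0 mask matches every target */
        if ((ifs[i].addr & ifs[i].netmask) == (target & ifs[i].netmask))
            return 1;
    }
    return 0;
}

/* The tcpip.cc test as posted, and with "== 1" removed. */
static int mac_accepted_strict(int r)  { return r == 1; }
static int mac_accepted_relaxed(int r) { return r != 0; } /* -1 is nonzero, so true */

int main(void) {
    /* Constructed sample data: one configured interface, one unconfigured. */
    const struct iface ifs[] = {
        { ip4(192, 168, 1, 10), ip4(255, 255, 255, 0) },
        { 0, 0 },
    };
    const uint32_t targets[] = { ip4(192, 168, 1, 77), ip4(10, 0, 0, 5) };
    for (size_t t = 0; t < 2; t++) {
        int known = directly_connected(ifs, 2, targets[t]);
        int unknown = directly_connected(NULL, 0, targets[t]);
        printf("target %zu: table=%d strict=%d | no table=%d strict=%d relaxed=%d\n",
               t, known, mac_accepted_strict(known),
               unknown, mac_accepted_strict(unknown), mac_accepted_relaxed(unknown));
    }
    return 0;
}
```

With the relaxed test, a routed target such as the constructed 10.0.0.5 is accepted whenever the result is -1, so the MAC recorded for it is the first-hop router's and should not be used to identify the host.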