Nmap Development mailing list archives
RE: MAC replies
From: "Alex R" <alex () deviousmeans net>
Date: Tue, 19 Oct 2004 16:40:47 +0200
It would only work for LAN port scans. When a frame hits a router the router strips off the Ethernet frame and then adds its own Ethernet frame matching the MAC address. So when you get a frame back its source MAC address is from your router. Nmap only shows MAC addresses of computers on your network segment. -----Original Message----- From: mark () lachniet com [mailto:mark () lachniet com] Sent: Tuesday, October 19, 2004 3:57 PM To: Adam Jacob Muller Cc: nmap-dev () insecure org Subject: Re: MAC replies In a strange (but probably RARE on a LAN) case, you could have a firewall or other device proxy-arp'ing for its NAT service or some kind of proxy, when in fact the host on the other side of the device is actually down. So that would be a false positive. I could see this happening if you were portscanning, say, a DMZ from an inside network, or vice versa. This isn't a particularly important hole in your theory, though, since what you are describing would work pretty well for a LAN portscan in most cases. Mark Lachniet
Now that nmap has the ability to log MAC addresses does it use the fact that it got an arp reply to establish that the host is in fact up, my idea here basically is that an ARP reply is basically the only sure way to determine if a host is up or not, if you don't get one, then that host must be down, if you do in 99.99% of cases it is up (feel free to correct me), so does, or should nmap use a positive ARP reply to say that the host is up? On top of that, ARP replies are also much faster than scanning all ports on closed hosts (-P0). Adam Where is it written in the Constitution, in what article or section is it contained, that you may take children from their parents and parents from their children, and compel them to fight the battles of any war in which the folly and wickedness of the government may engage itself? Under what concealment has this power lain hidden, which now for the first time comes forth, with a tremendous and baleful aspect, to trample down and destroy the dearest right of personal liberty? Who will show me any Constitutional injunction which makes it the duty of the American people to surrender everything valuable in life, and even life, itself, whenever the purposes of an ambitious and mischievous government may require it? . . . A free government with an uncontrolled power of military conscription is the most ridiculous and abominable contradiction and nonsense that ever entered into the heads of men. -Daniel Webster --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
--------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- MAC replies Adam Jacob Muller (Oct 19)
- Re: MAC replies mark (Oct 19)
- RE: MAC replies Alex R (Oct 19)
- Re: MAC replies Brett Campbell (Oct 19)
- Re: MAC replies Tristan Seligmann (Oct 19)
- Re: MAC replies Fyodor (Oct 21)
- Re: MAC replies doug (Oct 21)
- Re: MAC replies mark (Oct 19)