Nmap Development mailing list archives
ARP ping, netmask and fallback to ICMP
From: "J.P. Delport" <jpdelport () csir co za>
Date: Mon, 10 Oct 2005 17:02:10 +0200
Hi, I have been trying to ARP ping some hosts on a local ethernet segment. ARP pings get sent only when the IP addresses are on the same subnet as that of my network card (Win32 & Linux, class C). Short of changing the actual card netmask (a pain on Windows with DHCP enabled - lots of clicking), is there a way to force nmap to send ARP requests even when the targets are not on my subnet? (I know they are on my eth segment.) When I force the variable directly_connected to true in targets.cc's nexthost function, I can successfully send ARP requests to the hosts I am interested in, but then I run into the next problem: When sending an ARP to hosts not on my subnet, I get an ARP response from target hosts, but also from a switch actings as a proxy for them. nmap currently only stores one MAC address for the target - sometimes this is the target host and sometimes the proxy. Maybe it could be usefull to supply a MAC address that nmap ignores in ARP replies? Last idea: it came as a surprise to me that nmap fell back on (the more IDS noisy) ICMP ping when I requested ARP ping with -PR. Maybe it should be stated in the docs/man page or maybe nmap must not fall back? I also get ICMP when I try to fake my source IP with -S. thanks for the great tool regards jp -- This message is subject to the CSIR's copyright, terms and conditions and e-mail legal notice. Views expressed herein do not necessarily represent the views of the CSIR. CSIR E-mail Legal Notice http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html CSIR Copyright, Terms and Conditions http://mail.csir.co.za/CSIR_Copyright.html For electronic copies of the CSIR Copyright, Terms and Conditions and the CSIR Legal Notice send a blank message with REQUEST LEGAL in the subject line to HelpDesk () csir co za. This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks Transtec Computers for their support. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- ARP ping, netmask and fallback to ICMP J.P. Delport (Oct 10)
- Re: ARP ping, netmask and fallback to ICMP Nils Magnus (Oct 10)
- Re: ARP ping, netmask and fallback to ICMP J.P. Delport (Oct 11)
- Re: ARP ping, netmask and fallback to ICMP Richard Moore (Oct 11)
- Re: ARP ping, netmask and fallback to ICMP J.P. Delport (Oct 11)
- Re: ARP ping, netmask and fallback to ICMP Nils Magnus (Oct 10)