Nmap Development mailing list archives

big trouble with arp and nmap ...


From: Matthias Eckert <matzetronic () gmx de>
Date: Thu, 03 Aug 2006 21:56:01 +0200

Hello Fyodor,

first - sorry for my English, it's very poor :-(
I have found a bug in nmap - I think.

When I scanned several systems in my local network, I often saw output like this:

-------------------------------------
root@thinky:~# nmap -P0 192.168.20.36

Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-08-03 11:12 CEST
Nmap finished: 1 IP address (0 hosts up) scanned in 0.293 seconds
root@thinky:~#
-------------------------------------

But the hosts are up and reachable!
tcpdump shows ARP requests and ARP replies too, but nmap doesn't wait for the reply and exits. Here is the tcpdump output from the scan above:

-------------------------------------
root@thinky:~# tcpdump -n arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

11:12:24.008506 arp who-has 192.168.20.36 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50
11:12:24.112301 arp who-has 192.168.20.36 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50
11:12:24.247708 arp reply 192.168.20.36 is-at 00:06:5b:8d:73:3b
11:12:24.823759 arp reply 192.168.20.36 is-at 00:06:5b:8d:73:3b

4 packets captured
8 packets received by filter
0 packets dropped by kernel
root@thinky:~#
-------------------------------------

Every time I can see the ARP reply, but never the MAC address of 192.168.20.36 in my ARP cache.
I can temporarily solve this problem if I do a "ping -c1 192.168.20.36" before using nmap.
Then I have the MAC address in my ARP table - all happy - nmap works fine.

I also tried an ARP scan (-sP -PR) of my local network with nmap, but not all of my hosts are shown as running :-(
I noticed this behaviour with nmap versions 4.10 and 4.11 - other versions untested.
Is it possible to increase the timeout for ARP replies in nmap, or do you have another solution for my problem?

Regards,
Matze


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
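The capture in the message above shows ARP replies arriving that the scanner did not credit, and the question that follows is one of timing. As an added example that is not part of the original post and not Nmap's own code, the following Python script parses `tcpdump -n arp` output in the format quoted in the message (the regexes target that 2006-era line format; newer tcpdump prints "ARP, Request who-has ..." and would need the patterns adjusted), pairs who-has requests with is-at replies per target IP, and reports the delay from the first request to the first reply next to the run time Nmap printed. The trace is the one quoted in the post, plus one constructed request for 192.168.20.40 that never gets a reply, to show how a host that is not seen gets reported.

```python
"""Measure ARP request-to-reply delay in `tcpdump -n arp` output.

Added example, not code from the original post or from Nmap. It pairs
who-has requests with is-at replies per target IP and reports the delay
from the first request to the first reply, so that figure can be set
beside the run time the scanner printed.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# The four ARP lines quoted in the post (re-joined where the archive
# wrapped them), plus one CONSTRUCTED request for 192.168.20.40 that
# never gets a reply, to exercise the "host not seen" path.
SAMPLE_TRACE = """\
11:12:24.008506 arp who-has 192.168.20.36 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50
11:12:24.112301 arp who-has 192.168.20.36 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50
11:12:24.247708 arp reply 192.168.20.36 is-at 00:06:5b:8d:73:3b
11:12:24.300000 arp who-has 192.168.20.40 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50
11:12:24.823759 arp reply 192.168.20.36 is-at 00:06:5b:8d:73:3b
"""

# Taken from Nmap's summary line in the post: "... scanned in 0.293 seconds".
SCAN_SECONDS = 0.293

REQUEST_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) arp who-has (?P<target>\d+\.\d+\.\d+\.\d+)"
    r"(?: \([0-9a-f:]{17}\))? tell (?P<sender>\d+\.\d+\.\d+\.\d+)$"
)
REPLY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) arp reply (?P<target>\d+\.\d+\.\d+\.\d+)"
    r" is-at (?P<mac>[0-9a-f:]{17})$"
)


@dataclass
class ArpEvent:
    ts: float            # seconds since midnight, from the tcpdump timestamp
    kind: str            # "request" or "reply"
    ip: str              # address asked about (request) or answering (reply)
    mac: Optional[str]   # answering MAC, replies only


@dataclass
class ArpTiming:
    ip: str
    requests: int
    replies: int
    mac: Optional[str]                  # MAC from the first reply, if any
    first_request: Optional[float]
    first_reply_delay: Optional[float]  # seconds, first request -> first reply


def parse_ts(ts: str) -> float:
    """'11:12:24.008506' -> 40344.008506 (seconds since midnight)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_arp_trace(text: str) -> List[ArpEvent]:
    """Extract ARP requests and replies; tcpdump banner/summary lines are skipped."""
    events: List[ArpEvent] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := REQUEST_RE.match(line):
            events.append(ArpEvent(parse_ts(m["ts"]), "request", m["target"], None))
        elif m := REPLY_RE.match(line):
            events.append(ArpEvent(parse_ts(m["ts"]), "reply", m["target"], m["mac"]))
    return events


def arp_timings(events: List[ArpEvent]) -> Dict[str, ArpTiming]:
    """Group events by target IP and compute first-request -> first-reply delay."""
    out: Dict[str, ArpTiming] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        t = out.setdefault(ev.ip, ArpTiming(ev.ip, 0, 0, None, None, None))
        if ev.kind == "request":
            t.requests += 1
            if t.first_request is None:
                t.first_request = ev.ts
        else:
            t.replies += 1
            if t.mac is None:
                t.mac = ev.mac
            # Only a reply that follows a request we saw counts as an answer;
            # an unsolicited (gratuitous) reply leaves the delay undefined.
            if t.first_reply_delay is None and t.first_request is not None:
                t.first_reply_delay = ev.ts - t.first_request
    return out


def replies_within(timings: Dict[str, ArpTiming], window: float) -> Dict[str, bool]:
    """Did the first reply land within `window` seconds of the first request?"""
    return {ip: t.first_reply_delay is not None and t.first_reply_delay <= window
            for ip, t in timings.items()}


def report(text: str, window: float) -> str:
    """One line per target: request/reply counts, MAC, delay, and how it compares to the window."""
    lines = []
    timings = arp_timings(parse_arp_trace(text))
    for ip, ok in replies_within(timings, window).items():
        t = timings[ip]
        if t.first_reply_delay is None:
            lines.append(f"{ip}: {t.requests} request(s), no reply seen")
        else:
            verdict = "within" if ok else "after"
            lines.append(f"{ip}: {t.requests} request(s), {t.replies} replies from {t.mac}, "
                         f"first reply {t.first_reply_delay * 1000:.1f} ms after first request "
                         f"({verdict} the {window:.3f} s scan window)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python arp_timing.py [tcpdump_output.txt]; with no file the sample trace is used.
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    print(report(src, SCAN_SECONDS))
```

Run it against `tcpdump -n arp > trace.txt` captured during a scan and pass the run time from Nmap's "finished" line as the window; a host whose first reply consistently lands after that window is a timing problem, while one whose reply lands inside it (as the 192.168.20.36 reply in the quoted trace does, at about 239 ms) points at the scanner not picking the frame up rather than not waiting long enough. Whether Nmap's `--max-rtt-timeout` governs its ARP probes in the versions named in the post is not established by the message and is not assumed here.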