Nmap Development mailing list archives

Re: nmap fails to get mac of one host with 2 NICs, one of them with 2 virtual interfaces in same subnet


From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 18 Aug 2006 10:18:40 +0200

On Thu, Aug 17, 2006 at 11:25:20PM -0700, Andrei Jucan wrote:

> We want to scan one computer in our network ( unix system ) which has 2
> NICs configured as follows:
> eth0      HWaddr 00:0C:F1:DB:C3:3D
>           inet addr:10.27.0.100  Bcast:10.27.0.255  Mask:255.255.255.0
> eth0:1    HWaddr 00:0C:F1:DB:C3:3D
>           inet addr:10.27.0.200  Bcast:10.27.0.255  Mask:255.255.255.0
>
> eth1      HWaddr 00:0A:CD:0F:DB:F8
>           inet addr:10.27.1.100  Bcast:10.27.1.255  Mask:255.255.255.0

What happens when you try "arping -b" to different IPs through
different networks/interfaces? Are you sure your physical Ethernet
segments for both IP subnets do not overlap?

I suspect your unix system is "Weak ES Model" (RFC112) and so
responds to ARP requests through any of its interfaces. For example,
sending an "arping -b 10.27.0.100" request to the eth1 interface would end up
with a 00:0A:CD:0F:DB:F8 answer.

(Try also using "nmap -vvv -d --packet-trace" to get more info.)

Martin Mačok
ICT Security Consultant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
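
An added example, not part of the original message and not Nmap code: it parses the interface listing quoted above and classifies the MAC seen in an ARP reply for a given IP, so a reply from the host's other NIC (the behaviour the reply attributes to the weak ES model) can be told apart from a MAC the host does not own. The function names and the OBSERVED list are constructed for illustration.

```python
import re

# Interface listing as quoted in the message above (ifconfig-style).
IFCONFIG = """\
eth0      HWaddr 00:0C:F1:DB:C3:3D
          inet addr:10.27.0.100  Bcast:10.27.0.255  Mask:255.255.255.0
eth0:1    HWaddr 00:0C:F1:DB:C3:3D
          inet addr:10.27.0.200  Bcast:10.27.0.255  Mask:255.255.255.0

eth1      HWaddr 00:0A:CD:0F:DB:F8
          inet addr:10.27.1.100  Bcast:10.27.1.255  Mask:255.255.255.0
"""

# Constructed (ip, MAC in ARP reply) pairs, e.g. noted from arping runs.
OBSERVED = [
    ("10.27.0.100", "00:0C:F1:DB:C3:3D"),
    ("10.27.0.100", "00:0A:CD:0F:DB:F8"),
    ("10.27.0.200", "00:11:22:33:44:55"),
]

def parse_ifconfig(text):
    """Return {ip: (interface, mac)} from ifconfig-style output."""
    owners, iface, mac = {}, None, None
    for line in text.splitlines():
        head = re.match(r"(\S+)\s+.*HWaddr\s+([0-9A-Fa-f:]{17})", line)
        if head:
            iface, mac = head.group(1), head.group(2).upper()
            continue
        addr = re.search(r"inet addr:(\d+\.\d+\.\d+\.\d+)", line)
        if addr and iface:
            owners[addr.group(1)] = (iface, mac)
    return owners

def classify_reply(owners, ip, reply_mac):
    """Classify the MAC seen in an ARP reply for `ip`."""
    reply_mac = reply_mac.upper()
    if ip not in owners:
        return "unknown-ip"
    if reply_mac == owners[ip][1]:
        return "expected"            # NIC that holds the address answered
    if reply_mac in {m for _, m in owners.values()}:
        return "weak-es"             # same host answered from another NIC
    return "foreign"                 # duplicate IP, proxy ARP or spoofing

def summarize(owners, observations):
    """Return (ip, mac, verdict) for each observed reply."""
    return [(ip, mac, classify_reply(owners, ip, mac)) for ip, mac in observations]

if __name__ == "__main__":
    for row in summarize(parse_ifconfig(IFCONFIG), OBSERVED):
        print(*row)
```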

