Nmap Development mailing list archives
Re: nmap fails to get mac of one host with 2 NICs, one of them with 2 virtual interfaces in same subnet
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 18 Aug 2006 10:18:40 +0200
On Thu, Aug 17, 2006 at 11:25:20PM -0700, Andrei Jucan wrote:
We want to scan one computer in our network ( unix system ) which has 2 NICs configured as follows: eth0 HWaddr 00:0C:F1:DB:C3:3D inet addr:10.27.0.100 Bcast:10.27.0.255 Mask:255.255.255.0 eth0:1 HWaddr 00:0C:F1:DB:C3:3D inet addr:10.27.0.200 Bcast:10.27.0.255 Mask:255.255.255.0 eth1 HWaddr 00:0A:CD:0F:DB:F8 inet addr:10.27.1.100 Bcast:10.27.1.255 Mask:255.255.255.0
What does happen when you try "arping -b" to different IPs through different networks/interfaces? Are you sure your physical ethernet segments for both IP subnets do not overlap? I suspect your unix system is "Weak ES Model" (RFC112) and so does respond to ARP request through any of its interface. For example, sending "arping -b 10.27.0.100" request to eth1 interface would end up with 00:0A:CD:0F:DB:F8 answer. (Try also using "nmap -vvv -d --packet-trace" to get more info.) Martin Mačok ICT Security Consultant _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- nmap fails to get mac of one host with 2 NICs, one of them with 2 virtual interfaces in same subnet Andrei Jucan (Aug 17)
- Re: nmap fails to get mac of one host with 2 NICs, one of them with 2 virtual interfaces in same subnet Martin Mačok (Aug 18)