RE: NMAP and MAC Addresses

["Rob Nicholls" <robert () everythingeverything co uk>]

Wasn't the original question posed to the list:

"Is there a way to retrieve MAC addresses from any subnet using NMAP?"

Dario answered that with a detailed answer that he probably hoped would
explain to Colin why the answer is basically a "no" (because IP networks
don't work that way).

Colin said he is trying to get the MAC address of *every* device (including
"Microsoft to Linux to Other"). So how exactly does "Locate a product called
"CC Get MAC Address"" answer the question that was posed to this list? If
Colin had looked into it in a bit more detail, the CC Get MAC Address tool
clearly states "CCGMA is based on Microsoft Netbios technology" so...

a) you can do exactly the same thing (for free; CCGMA is shareware and costs
money) using Nmap with the nbstat.nse script (or through Windows' built in
nbtstat tool, which is also free)

b) you still won't get a MAC address for Linux or Other devices (or Windows
devices that are filtering NetBIOS traffic).

There is no good answer. You might be able to get some information through
NetBIOS, some through SNMP (if it's enabled and you have the right community
string), or some other kind of voodoo mechanism, but AFAIK there is no
definitive way to get the information that Colin appears to be seeking.

Regards,

Rob


-----Original Message-----
From: Sydie, Colin [mailto:Colin.Sydie () landesk com] 
Sent: 13 February 2008 01:19
To: Dario Ciccarone (dciccaro); nmap-dev () insecure org
Subject: RE: NMAP and MAC Addresses



Don't take it personal!

You stated, "So - neither nmap nor any other tool will be able to give
you the MAC address of a device outside your L2 broadcast domain."

That's a bold statement to make considering it can be done.

Here is the tool:
http://www.youngzsoft.net/cc-get-mac-address/cmacsetup.exe


If you don't know the answer, don't give BS responses.
 
 
 

-----Original Message-----
From: Dario Ciccarone (dciccaro) [mailto:dciccaro () cisco com] 
Sent: Tuesday, February 12, 2008 4:46 PM
To: Sydie, Colin; nmap-dev () insecure org
Subject: RE: NMAP and MAC Addresses

Here. Let me share with you how this works - not on this list but on any
list.

Someone shows up. Asks a question. People with an understanding of the
issue replies trying to help the person. 

It isn't actually my responsability to locate the tool. Feel free to
send us all a link, and I will find the time to (a) read the docs, (b)
install it, and (c) get a packet capture while the tool is running to
understand how it can magically bend the rules of the protocol.

Having said that, let me share with you a link -
http://catb.org/~esr/faqs/smart-questions.html

Pay special attention to
http://catb.org/~esr/faqs/smart-questions.html#keepcool

Thanks,
Dario
 

> -----Original Message-----
> From: Sydie, Colin [mailto:Colin.Sydie () landesk com] 
> Sent: Tuesday, February 12, 2008 7:40 PM
> To: Dario Ciccarone (dciccaro); nmap-dev () insecure org
> Subject: RE: NMAP and MAC Addresses
>
>
>
> The answer shows lack of knowledge of products that are available.
>
> Locate a product called "CC Get MAC Address" and discover the utility
> does provide MAC address feedback from devices on alternate subnets.
> The issue with this product is that I cannot run it as a stand alone
> service and provide the STD OUT result.
>
> Not a good answer.
>  
>  
>  
>  
>  
>
> -----Original Message-----
> From: Dario Ciccarone (dciccaro) [mailto:dciccaro () cisco com] 
> Sent: Tuesday, February 12, 2008 4:33 PM
> To: Sydie, Colin; nmap-dev () insecure org
> Subject: RE: NMAP and MAC Addresses
>
> The question shows lack of understanding of how an IP network works.
>
> Local network = ARP, encap L3 on L2, transmit.
>
> Non-local = ARP for default gateway, encap on L2 frame to 
> local gateway,
> drop into the wire.
>
> Comer and Stevens, or just Stevens. If on a budget,
> http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/gg24
> 3376.html
>
> So - neither nmap nor any other tool will be able to give you the MAC
> address of a device outside your L2 broadcast domain. Well, 
> actually you
> can try a "nbtstat -A <ip_address>" for Windows machines.
>
> Dario
>  
>
> > -----Original Message-----
> > From: nmap-dev-bounces () insecure org 
> > [mailto:nmap-dev-bounces () insecure org] On Behalf Of Sydie, Colin
> > Sent: Tuesday, February 12, 2008 7:11 PM
> > To: nmap-dev () insecure org
> > Subject: NMAP and MAC Addresses
> >
> > Hello,
> >
> > I need a little help with NMAP.  I'm trying to run it on a 
> network in
> > which I wish to return MAC addresses from every system.  
> These systems
> > can be anything from Microsoft to Linux to Other.  I want 
> to retrieve
> > everything with a MAC address based on an IP address query.
> >
> > I can get it to work on the same subnet however; I can't seem to
> > retrieve MAC addresses from systems on a different subnet.  
> Is there a
> > way to retrieve MAC addresses from any subnet using NMAP?
> >
> >  
> >
> > Thanks,
> >
> >  
> >
> >  
> >
> > Colin Sydie
> >
> >  
> >
> >  
> >
> >  
> >
> >  
> >
> >  
> >
> >  
> >
> >  
> >
> >  

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org