Nmap Development mailing list archives
Re: FW: Zenmap from inside network
From: David Fifield <david () bamsoftware com>
Date: Wed, 22 Apr 2009 09:56:55 -0600
On Wed, Apr 22, 2009 at 10:47:39AM -0400, Joe DeMicco wrote:
Thanks for the fast response. It makes sense that if the source address is not on the same network being scanned, the replies won't reach the host the scans are originating from. However, what is a bit confusing is: if the scanned host is on the same IP subnet as the host originating the scans, how can the replies come back? The layer two MAC address will be cached on the scanned server, but when the replies come back to the scanning machine and get passed from layer two to layer three, the IP address won't match and the packet will be dropped.
Usually the source address has to match one of the scanning machine's external addresses in order for scanning to work. If you are running with root privileges (promiscuous mode), then you can also use an address on the same subnet, at least in a broadcast network. (I wasn't sure that would work but I just tried and it does.)
I think there may still be a way to get this to work. What if I create a secondary IP address to match the spoofed source address on the scanning machine? My question is, if there's a legitimate host on the network with this spoofed secondary address, will there be a conflict?
Right, that's the usual way to do it, but you have to make sure that the packets from the target host will be routed back to the scanning host. If you are testing firewall rules that make a distinction between internal and external addresses, then you will want to use an external source address, and that will probably not be routed back to your internal machine by default. If you want to see how the network looks from the outside, the best thing to do is to scan it from the outside. If you're using an internal address (same subnet), then yes, you should not use an address that is already assigned to another host.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
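The reply above boils down to a small decision: a spoofed source address only yields usable results if replies can reach the scanning host, and a same-subnet address must not already belong to another machine. The following is an added example, not code from the thread or from the Nmap project, that turns that reasoning into a pre-flight check. It assumes a Linux host whose neighbour cache is read with `ip -4 neigh show`; the neighbour lines, addresses and MACs below are constructed for the example, and the classification labels are the example's own names.

```python
import ipaddress

# Constructed sample of `ip -4 neigh show` output (no real hosts).
# A FAILED entry has no lladdr, so it does not prove another host owns the address.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:14 STALE
192.168.1.99 dev eth0  FAILED
"""


def parse_neigh(text):
    """Parse `ip neigh show` lines into {ip: (device, mac_or_None, state)}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        ip = fields[0]
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        mac = fields[fields.index("lladdr") + 1] if "lladdr" in fields else None
        state = fields[-1]  # REACHABLE, STALE, FAILED, ...
        table[ip] = (dev, mac, state)
    return table


def classify_source(source, local_addrs, local_subnet, neigh, promiscuous=False):
    """Say how replies to packets sent from `source` would (or would not) come back.

    local_addrs : addresses bound on the scanning machine
    local_subnet: the broadcast subnet it sits on, e.g. "192.168.1.0/24"
    neigh       : table from parse_neigh(); used to spot an address already in use
    promiscuous : True when scanning with raw sockets (root), which captures frames
                  for same-subnet addresses the normal IP stack would drop
    """
    src = ipaddress.ip_address(source)
    net = ipaddress.ip_network(local_subnet, strict=False)
    if source in local_addrs:
        return "own-address"                    # replies delivered by the normal stack
    if src not in net:
        return "external-not-routed-back"       # replies go wherever the gateway sends them
    entry = neigh.get(source)
    if entry and entry[1] is not None:
        return "conflict-with-" + entry[1]      # another host already answers for it
    if promiscuous:
        return "same-subnet-promiscuous"        # frames seen on the wire, not by the stack
    return "same-subnet-needs-secondary-address"


if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for candidate in ("192.168.1.10", "203.0.113.5", "192.168.1.20", "192.168.1.50"):
        print(candidate, "->", classify_source(candidate, ["192.168.1.10"],
                                               "192.168.1.0/24", table))
```

A missing or FAILED neighbour entry does not guarantee the address is free; it only means this host has not recently resolved it. Before adding the address as a secondary on the scanning machine, an active check (such as `arping` on the candidate address) is the more reliable confirmation, and the `external-not-routed-back` case is the one the reply warns about: a from-outside view of the firewall is best obtained by scanning from outside.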