Nmap Development mailing list archives
Re: OSX & FreeBSD ARP scan problem
From: David Fifield <david () bamsoftware com>
Date: Sun, 1 Jan 2012 22:08:51 -0800
On Mon, Dec 12, 2011 at 02:48:04PM -0500, Jon Schipp wrote:
> I apologize if this mail message is not appropriate for this list. Are there known issues when doing ARP based host discovery from FreeBSD and/or OSX systems? When I'm scanning my local network (targets on same segment), on Linux, nmap defaults to the ARP scan like normal for determining whether a host is alive. However, when I use FreeBSD or OSX 10.6 (only hosts I've tried) on the same network, it skips the ARP scan and jumps into the normal Ping scan. When I specify -PR for host discovery Nmap immediately reports that all hosts are down without sending out any traffic. I've verified all output with --reason, --packet-trace, and with tcpdump. FYI: Both systems have multiple NICs, I've tried setting the NIC with -e <interface> and it still does the same thing. I'm using 5.51 on FreeBSD and on OSX. I was just curious as to whether this was some BSD-"like" implementation issue or maybe I'm just doin' it wrong.

No, there isn't anything special about BSD in this regard. Try

    nmap --iflist

to see what Nmap's idea of your routing table is. You can also try this:

    nmap --route-dst x.x.x.x

to see if Nmap thinks x.x.x.x is on the same subnet or not. For example,

    nmap --route-dst 192.168.0.1
    192.168.0.1
    br0 br0 srcaddr 192.168.0.21 direct

    nmap --route-dst scanme.nmap.org
    74.207.244.221
    br0 br0 srcaddr 192.168.0.21 nexthop 192.168.0.1

The "direct" in the first one shows that Nmap can use ARP scan for it.

David Fifield
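
An added example, not part of the original mail or of Nmap: a small Python parser for the --route-dst output shown in the reply, reporting which targets are routed "direct" (ARP scan possible) and which go through a next hop. It assumes the output layout quoted above and interface names without spaces; the function names are illustrative.

```python
import ipaddress

# Output of the two --route-dst runs quoted in the reply, one record per target.
SAMPLE = """\
192.168.0.1
br0 br0 srcaddr 192.168.0.21 direct
74.207.244.221
br0 br0 srcaddr 192.168.0.21 nexthop 192.168.0.1
"""

def parse_route_dst(text):
    """Return one dict per destination found in --route-dst output.

    Splits on whitespace instead of lines, so output whose line breaks
    were lost in an archive or a paste still parses. Assumes interface
    names contain no spaces, as in the sample.
    """
    tokens = text.split()
    records, i = [], 0
    while i < len(tokens):
        if len(tokens) - i < 6 or tokens[i + 3] != "srcaddr":
            raise ValueError(f"unexpected output near {tokens[i]!r}")
        dst, dev, _devfull, _, src, kind = tokens[i:i + 6]
        rec = {
            "dst": ipaddress.ip_address(dst),
            "dev": dev,
            "src": ipaddress.ip_address(src),
            "direct": kind == "direct",
            "nexthop": None,
        }
        i += 6
        if kind == "nexthop":
            if i >= len(tokens):
                raise ValueError("nexthop without an address")
            rec["nexthop"] = ipaddress.ip_address(tokens[i])
            i += 1
        elif kind != "direct":
            raise ValueError(f"unknown route type {kind!r}")
        records.append(rec)
    return records

def arp_scan_report(text):
    """Map each destination to 'arp-eligible' or the reason it is not."""
    report = {}
    for rec in parse_route_dst(text):
        via = f"routed via {rec['nexthop']} on {rec['dev']}"
        report[str(rec["dst"])] = "arp-eligible" if rec["direct"] else via
    return report

if __name__ == "__main__":
    for dst, verdict in arp_scan_report(SAMPLE).items():
        print(f"{dst}: {verdict}")
```

A local-segment target that shows up as routed via a next hop, or output that fails to parse, points at the routing table Nmap built (see nmap --iflist) rather than at the ARP scan itself.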