Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why can't discover host in my LAN even though it responds over ARP?

From: Jacek Wielemborek <d33tah () gmail com>
Date: Sun, 9 Jul 2017 15:14:07 +0200
On 08.07.2017 12:33, Rob Nicholls wrote:

If the IPs are assigned to the same Linux host on different interfaces, it is possible that the host is responding to 
the ARP request received on what looks like the WiFi interface for the target IP and is replying from the second 
(primary? Ethernet?) interface with the value of its second IP on the same subnet. This is known as ARP flux. You may 
need to reconfigure your values for net.ipv4.conf.all.arp_ignore, net.ipv4.conf.all.arp_announce in /etc/sysctl.conf 
with different values (e.g. 1 and 2 respectively). Once Nmap sees an ARP response for the right target IP address it 
should think the host is up and continue with the scan.


Thanks Rob! I didn't know this was possible.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: