Nmap Development mailing list archives
Re: Why can't discover host in my LAN even though it responds over ARP?
From: Jacek Wielemborek <d33tah () gmail com>
Date: Sun, 9 Jul 2017 15:14:07 +0200
On 08.07.2017 12:33, Rob Nicholls wrote:
If the IPs are assigned to the same Linux host on different interfaces, it is possible that the host is responding to the ARP request received on what looks like the WiFi interface for the target IP and is replying from the second (primary? Ethernet?) interface with the value of its second IP on the same subnet. This is known as ARP flux. You may need to reconfigure your values for net.ipv4.conf.all.arp_ignore, net.ipv4.conf.all.arp_announce in /etc/sysctl.conf with different values (e.g. 1 and 2 respectively). Once Nmap sees an ARP response for the right target IP address it should think the host is up and continue with the scan.
Thanks Rob! I didn't know this was possible.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Why can't discover host in my LAN even though it responds over ARP? Jacek Wielemborek (Jul 08)
- Message not available
- Re: Why can't discover host in my LAN even though it responds over ARP? Jacek Wielemborek (Jul 09)
- Message not available