Wireshark mailing list archives
Re: Scanning subnetwork considered bad or not?
From: Stephen Fisher <steve () stephen-fisher com>
Date: Thu, 4 Aug 2011 11:37:51 -0600
On Mon, Jul 25, 2011 at 02:25:29PM +0200, RUOFF, LARS (LARS)** CTR ** wrote:
After setting up a trap, i finally found the guilty to be the Canon Network Scanner utility. (The word "Scanner" here initially stands for machines scanning sheets of paper, not networks! ;) )
It's trying to make a network connection of some sort to every IP address on the subnet. If there isn't already an ARP entry for that IP address in the local machine's ARP cache, then it has to generate an ARP request to find it if it's there.
Ok, so normal behaviour. But isn't this behaviour seriously violating LAN netiquette??
Yes.
Do a lot of services use this?
I don't think so, but many use almost-just-as-annoying broadcasts which reach every device anyway.
I guess that this would be a NO GO in an enterprise environment?
I would say yes, but after years of experience working in such environments, it turns out that most don't care since it's more important that things "just work" (no matter how poorly they are implemented) than "do the right thing" :(. It would be better to use multicasts and/or a standardized method of service discovery such as Simple Service Discovery Protocol (SSDP). ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Scanning subnetwork considered bad or not? Stephen Fisher (Aug 04)