RE: mac addr lookups?

[White Cap <whitecap () dreams res cmu edu>]

On Wed, 17 Feb 1999, Escobar, Henry J. wrote:

> If you want a mac addr lookup tied in with nmap, then write a script to do
> it. Use perl,tcl, or borne or whatever script language you want.
>
> tie in arptool, arp, or hunt or anyother of your favorite arp tools with
> nmap. Make your killer tool do what you want!
>
> None of use are asking Fyodor to build in a compiled in gui for nmap,
> someone used tcl and wish to do that already! (plus who likes guis
> anyways???).
>
> I don't want to see nmap bogged down in code bloat, trying to do more than
> it is supposed to do. nmap is supposed to be a nice, "simple," portscanner
> <PERIOD>. 

Okay, exactly where in the classic port-scanning paradigm does OS
detection fit in?  This doesn't mean that I think OS detection in a
scanner is a bad thing...

Code bloat?  Nothing is "bloat" if it's useful.  The whole point of
incorporating the arp scanner into nmap would be to see if someone is
spoofing mac addresses.  If you use other arp tools, they won't be able to
distinguish spoofed HW addresses because they don't know the remote OS.

Since NMAP is the standard tool now for determining OSes remotely, I would
argue that it makes logical sense to incorporate arp scanning and spoof
detection into it.  Either that or split off OS detection and arp scanning
into a seperate program.

whitecap