Nmap Development mailing list archives
big trouble with arp and nmap ...
From: Matthias Eckert <matzetronic () gmx de>
Date: Thu, 03 Aug 2006 21:56:01 +0200
Hello Fyodor, first - sorry for my english, it's very poor :-( i have found a bug in nmap - i think. when i scanned several systems in my local network, i often saw an output like this: ------------------------------------- root@thinky:~# nmap -P0 192.168.20.36 Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-08-03 11:12 CEST Nmap finished: 1 IP address (0 hosts up) scanned in 0.293 seconds root@thinky:~# ------------------------------------- but, the hosts are already up and reachable ! tcpdump shows arp-requests and arp-replies too, but nmap doesn't wait for the reply and exits. here is the tcpdump output from the scan above: ------------------------------------- root@thinky:~# tcpdump -n arp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 11:12:24.008506 arp who-has 192.168.20.36 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50 11:12:24.112301 arp who-has 192.168.20.36 (ff:ff:ff:ff:ff:ff) tell 192.168.20.50 11:12:24.247708 arp reply 192.168.20.36 is-at 00:06:5b:8d:73:3b 11:12:24.823759 arp reply 192.168.20.36 is-at 00:06:5b:8d:73:3b 4 packets captured 8 packets received by filter 0 packets dropped by kernel root@thinky:~# ------------------------------------- everytime i can see the arp-reply, but never the mac-address from 192.168.20.36 in my arp-cache. i can temporarly solve this problem, if i do a "ping -c1 192.168.20.36" before using nmap. then i have the mac-address in my arp-table - all happy - nmap works fine. i also tried an arp-scan (-sP -PR) of my local network with nmap, but not all of my hosts are showed as runnning :-( i recognized this behavior with nmap version 4.10 and 4.11 - other versions untested. is it possible to increase the timeout for arp-replies in nmap or do you have another solution for my problem? Regards, Matze _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- big trouble with arp and nmap ... Matthias Eckert (Aug 03)