display local mac address in scan results

[Toni Ruottu <toni.ruottu () iki fi>]

  Hi

This is a feature request for a small user interaction improvement that
hopefully won't require lot of coding. I posted earlier about the same
subject, but wasn't a list member at the time, so couldn't take part in
discussion. So here we go again. This time with a use case.


  Joe works as a network administrator in a small company. He uses nmap
  every now and then to map the company network. He is not familiar with
  the most advanced features, but knows how to use the most basic scan
  types, declaring port ranges as well as ip address ranges. He is also
  aware of the man-page and reads it when he encounters difficulties.

  Joe is currently documenting the network and needs to find out mac
  addresses of hosts currently present. Joe also needs to add network
  interface card manufacturers into the documentation. The manufacturer
  information is used in the company as reference when discussing about
  network interface card drivers or buying new cards.

  It is Friday afternoon and Joe has made an agreement to drink a
  few beers with his friend Peter once he is done with writing the
  documentation. Peter isn't working on Fridays so he is ready to go
  once Joe is done with his work. Joe is supposed to call him once he
  completes. Joe opens a terminal on his Ubuntu pc and executes...

joe@joespc:~$ sudo nmap -sP 192.168.1.0/24

Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-05-19 15:11
EEST
Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:33:B4:E8 (Cisco-Linksys)
Host 192.168.1.101 appears to be up.
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.848 seconds

  (In a real situation there would of course be more than two hosts ;-)

  Joe reads the results and notices that mac address of the local
  network interface was not included in the scanning results. He
  remembers that nmap is able to list local interfaces along with
  their type. Joe looks at the nmap man page and finds the --iflist
  option.

  Joe now executes...

joe@joespc:~$ sudo nmap --iflist | grep ethernet
eth0 (eth0)  192.168.1.101/24 ethernet up 00:02:B3:33:12:6B

  Joe now has all the mac addresses, but he is still missing the
  manufacturer. Joe searches a list of mac address ranges on the
  Internet. In the list he can find name of the manufacturer of
  his card. Joe writes the documentation and leaves to drink beer
  with Peter.


It would spare Joe some time, if nmap displayed the local network
interface card mac address and manufacturer information during a
scan in a similar fashion as it does with the remote hosts. Iflist
could of course also list the manufacturer, but I personally
consider this less important.


  --Toni

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org