Nmap Development mailing list archives
display local mac address in scan results
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 19 May 2007 16:12:07 +0300
Hi This is a feature request for a small user interaction improvement that hopefully won't require lot of coding. I posted earlier about the same subject, but wasn't a list member at the time, so couldn't take part in discussion. So here we go again. This time with a use case. Joe works as a network administrator in a small company. He uses nmap every now and then to map the company network. He is not familiar with the most advanced features, but knows how to use the most basic scan types, declaring port ranges as well as ip address ranges. He is also aware of the man-page and reads it when he encounters difficulties. Joe is currently documenting the network and needs to find out mac addresses of hosts currently present. Joe also needs to add network interface card manufacturers into the documentation. The manufacturer information is used in the company as reference when discussing about network interface card drivers or buying new cards. It is Friday afternoon and Joe has made an agreement to drink a few beers with his friend Peter once he is done with writing the documentation. Peter isn't working on Fridays so he is ready to go once Joe is done with his work. Joe is supposed to call him once he completes. Joe opens a terminal on his Ubuntu pc and executes... joe@joespc:~$ sudo nmap -sP 192.168.1.0/24 Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-05-19 15:11 EEST Host 192.168.1.1 appears to be up. MAC Address: 00:18:39:33:B4:E8 (Cisco-Linksys) Host 192.168.1.101 appears to be up. Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.848 seconds (In a real situation there would of course be more than two hosts ;-) Joe reads the results and notices that mac address of the local network interface was not included in the scanning results. He remembers that nmap is able to list local interfaces along with their type. Joe looks at the nmap man page and finds the --iflist option. Joe now executes... joe@joespc:~$ sudo nmap --iflist | grep ethernet eth0 (eth0) 192.168.1.101/24 ethernet up 00:02:B3:33:12:6B Joe now has all the mac addresses, but he is still missing the manufacturer. Joe searches a list of mac address ranges on the Internet. In the list he can find name of the manufacturer of his card. Joe writes the documentation and leaves to drink beer with Peter. It would spare Joe some time, if nmap displayed the local network interface card mac address and manufacturer information during a scan in a similar fashion as it does with the remote hosts. Iflist could of course also list the manufacturer, but I personally consider this less important. --Toni
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- display local mac address in scan results Toni Ruottu (May 19)
- Re: display local mac address in scan results Amit Kumar Saha (May 19)
- Re: display local mac address in scan results Kris Katterjohn (Jun 01)