Nmap Development mailing list archives
Re: display local mac address in scan results
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 01 Jun 2007 12:04:09 -0500
Toni Ruottu wrote:
Hi

This is a feature request for a small user interaction improvement that hopefully won't require a lot of coding. I posted earlier about the same subject, but wasn't a list member at the time, so couldn't take part in discussion. So here we go again. This time with a use case.

Joe works as a network administrator in a small company. He uses nmap every now and then to map the company network. He is not familiar with the most advanced features, but knows how to use the most basic scan types, declaring port ranges as well as ip address ranges. He is also aware of the man-page and reads it when he encounters difficulties.

Joe is currently documenting the network and needs to find out mac addresses of hosts currently present. Joe also needs to add network interface card manufacturers into the documentation. The manufacturer information is used in the company as reference when discussing network interface card drivers or buying new cards.

It is Friday afternoon and Joe has made an agreement to drink a few beers with his friend Peter once he is done with writing the documentation. Peter isn't working on Fridays so he is ready to go once Joe is done with his work. Joe is supposed to call him once he completes.

Joe opens a terminal on his Ubuntu pc and executes...

joe@joespc:~$ sudo nmap -sP 192.168.1.0/24

Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-05-19 15:11 EEST
Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:33:B4:E8 (Cisco-Linksys)
Host 192.168.1.101 appears to be up.
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.848 seconds

(In a real situation there would of course be more than two hosts ;-)

Joe reads the results and notices that the mac address of the local network interface was not included in the scanning results. He remembers that nmap is able to list local interfaces along with their type. Joe looks at the nmap man page and finds the --iflist option. Joe now executes...

joe@joespc:~$ sudo nmap --iflist | grep ethernet
eth0 (eth0) 192.168.1.101/24 ethernet up 00:02:B3:33:12:6B

Joe now has all the mac addresses, but he is still missing the manufacturer. Joe searches a list of mac address ranges on the Internet. In the list he can find the name of the manufacturer of his card. Joe writes the documentation and leaves to drink beer with Peter.

It would spare Joe some time, if nmap displayed the local network interface card mac address and manufacturer information during a scan in a similar fashion as it does with the remote hosts. Iflist could of course also list the manufacturer, but I personally consider this less important.

--Toni
Hi Toni!

I attached a patch to add vendor information to --iflist. I know that's not exactly what you wanted, but AFAIK the reason the MAC address isn't written for the local interface during a scan is because it's actually done through loopback, so there's no real MAC info to print. Somebody correct me if I'm wrong! And if you use -sP (like in your example) on localhost, no packets are actually sent anyway because ..well ..we know it's up.

Maybe it should only be printed if -v is used (or something) because it makes the line a bit longer, and kinda throws off the table (although it's not the only thing that could cause that). I don't know, I guess we'll see.

Let me know if you like the patch, and if it works for you, and I'll see about committing it to the soc07 branch (and it can probably go to /nmap pretty soon after since it's small and simple).

Thanks,
Kris Katterjohn
Index: output.cc =================================================================== --- output.cc (revision 4813) +++ output.cc (working copy) @@ -306,8 +306,9 @@ Tbl->addItemFormatted(i+1, shortdevcol, false, "(%s)", iflist[i].devname); Tbl->addItemFormatted(i+1, ipcol, false, "%s/%d", inet_ntop_ez(&(iflist[i].addr), sizeof(iflist[i].addr)), iflist[i].netmask_bits); if (iflist[i].device_type == devt_ethernet) { + const char *vendor = MACPrefix2Corp(iflist[i].mac); Tbl->addItem(i+1, typecol, false, "ethernet"); - Tbl->addItemFormatted(i+1, maccol, false, "%02X:%02X:%02X:%02X:%02X:%02X", iflist[i].mac[0], iflist[i].mac[1], iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5]); + Tbl->addItemFormatted(i+1, maccol, false, "%02X:%02X:%02X:%02X:%02X:%02X (%s)", iflist[i].mac[0], iflist[i].mac[1], iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5], vendor ? vendor : "Unknown"); } else if (iflist[i].device_type == devt_loopback) Tbl->addItem(i+1, typecol, false, "loopback");
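Review bot: the " (%s)" suffix added to the maccol format string is appended unconditionally, so every ethernet row of the --iflist table gets wider, and a row whose prefix has no match prints "(Unknown)", which carries no information. Consider appending the vendor only when MACPrefix2Corp() returns non-NULL, or only at -v as the covering mail suggests, so the default table layout and anything that greps the MAC column (as in the "nmap --iflist | grep ethernet" use case quoted above) keep working. The NULL guard on vendor is right and should stay in either variant. Declaring vendor directly before the addItemFormatted() call that uses it, rather than above the unrelated "ethernet" addItem, would also read more clearly.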