Nmap Development mailing list archives
Re: scan based on mac address
From: "sara fink" <sara.fink () gmail com>
Date: Sun, 10 Aug 2008 12:26:26 +0300
Thanks for the tips. ;-)

Social engineering was one of the things that crossed my mind. I might use it as a last resort. And it shouldn't be a difficult task.

The host is behind a router. The router is Digital_D (Digital Data Comm) according to Wireshark. Does anyone happen to know the subnet of this router? I couldn't find anything on Google about it. I know the MAC address of the router and the host.

I don't have a DHCP server. Can install and spoof.

The router is WEP protected.

To Aaron: I completely forgot about netbioscan. Good tip.

On Sun, Aug 10, 2008 at 3:26 AM, eldraco <eldraco () gmail com> wrote:
> Hi sara, hope this helps... once I used this approach...
>
> If the host you want to know the IP of (X host) is in another LAN subnet, but you think it is still reachable (and not behind any router) and you know this host has a different default GW than yours... something like this:
>
> X host is in subnet 192.168.4.0 netmask 255.255.255.0, with default GW 192.168.4.1
> And you are in subnet 192.168.1.0 netmask 255.255.255.0 with default GW 192.168.1.1
>
> Under default conditions this host will be unreachable to you, and to nmap, because it will forward the response to 192.168.4.1 and not to you.
>
> You can try to simply tell nmap to scan that subnet from an IP address in that range. The -S parameter. It should work.
>
> I think you don't know in which range it is, but you can try..., in my case trying the first ten /24 networks worked fine.
>
> Other silly ideas could be: can you spoof or sniff the DHCP server if you use one? Can you social engineer your netadmin???
>
> cheers
> eldraco
>
> On Friday 08 August 2008 19:10:01 sara fink wrote:
>> I tried nmap -sP ip-range and I got the MAC address. It didn't solve my problem, because most probably it's not on the same segment.
>>
>> On Fri, Aug 8, 2008 at 11:44 PM, Michael Pattrick <mpattrick () rhinovirus org> wrote:
>>> On Fri, Aug 8, 2008 at 4:08 PM, sara fink <sara.fink () gmail com> wrote:
>>>> Besides I tried to run nmap A T4 ip-range. According to nmap example 15.1, the MAC address appears in the output. Unfortunately I didn't receive the MAC address. I know the MAC and want to see the relevant IP.
>>>
>>> That should work as long as you're on the same LAN segment and the host is still up. At least it works for me. I get:
>>>
>>> Interesting ports on 10.0.0.1:
>>> PORT STATE SERVICE
>>> 80/tcp open http
>>> MAC Address: 00:0F:B5:13:E8:BE (Netgear)
>>>
>>> Cheers,
>>> Michael
>>>
>>> _______________________________________________
>>> Sent through the nmap-dev mailing list
>>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>>> Archived at http://SecLists.Org
>
> --
> Ing. Sebastián García
> http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6