Nmap Development mailing list archives
Re: Scanning 255.255.255.255 from Windows
From: David Fifield <david () bamsoftware com>
Date: Wed, 18 Nov 2009 22:00:28 -0700
On Mon, Nov 16, 2009 at 07:59:05AM -1100, Hans Nilsson wrote:
Hi! Thanks for your reply. Your suggestion helped me make som progress: nmap -sU -PN -n -p 53 255.255.255.255 -e eth4 nexthost: Failed to determine dst MAC address for target 255.255.255.255 QUITTING!
I looked into this and I can reproduce it. I get the "Failed to determine dst MAC address" message even without -e, though. I think I know why: for some reason the routing table has the gateway for 255.255.255.255/32 set to the local IP address. This machine's IP address is 192.168.0.190 and its Internet gateway is 192.168.0.1. $ nmap --iflist Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-11-18 21:44 Mountain Standard Time ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC eth0 (eth0) 192.168.0.190/24 ethernet up 00:16:CB:AE:D4:AC lo0 (lo0) 127.0.0.1/8 loopback up ... **************************ROUTES************************** DST/MASK DEV GATEWAY 192.168.0.255/32 eth0 192.168.0.190 192.168.0.190/32 lo0 127.0.0.1 255.255.255.255/32 eth0 192.168.0.190 192.168.0.0/0 eth0 192.168.0.190 127.0.0.0/0 lo0 127.0.0.1 224.0.0.0/0 eth0 192.168.0.190 0.0.0.0/0 eth0 192.168.0.1 Running with --packet-trace, we see that Nmap is sending ARP requests to its gateway for 255.255.255.255, to itself, which I guess is why it's not getting a response. $ nmap 255.255.255.255 -d --packet-trace Packet capture filter (device eth0): arp and ether dst host 00:16:CB:AE:D4:AC SENT (0.2340s) ARP who-has 192.168.0.190 tell 192.168.0.190 SENT (0.3440s) ARP who-has 192.168.0.190 tell 192.168.0.190 SENT (0.6400s) ARP who-has 192.168.0.190 tell 192.168.0.190 nexthost: Failed to determine dst MAC address for target 255.255.255.255 QUITTING! Using another address, for example 255.255.255.254, works fine. I don't know why 255.255.255.255 is routed to localhost, but maybe there's a way to change that.
Quoting myself from the earlier post: "And allowing you to manually set the destination MAC or automatically setting the destination MAC for broadcast packets would be great too." As far as I know there is no such option and thus it's not possible to proceed? (Of course I could go into the source and attempt to fix it that way.)
No, there's no such option. If you want to alter it in the source, I think the place to do it would be in setTargetNextHopMAC in tcpip.cc. You would assign the address into the mac[6] array and return true. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Scanning 255.255.255.255 from Windows Hans Nilsson (Oct 27)
- Re: Scanning 255.255.255.255 from Windows David Fifield (Nov 15)
- Re: Scanning 255.255.255.255 from Windows Hans Nilsson (Nov 16)
- Re: Scanning 255.255.255.255 from Windows David Fifield (Nov 18)
- Re: Scanning 255.255.255.255 from Windows Jon Kibler (Nov 19)
- Re: Scanning 255.255.255.255 from Windows Hans Nilsson (Nov 16)
- Re: Scanning 255.255.255.255 from Windows David Fifield (Nov 15)