Nmap Development mailing list archives
ARP scanning and VMware
From: Paul Johnston <paj () pajhome org uk>
Date: Fri, 29 Jul 2011 13:24:05 +0100
Hi, I've been doing ARP scanning using nmap from a VMware guest (Backtrack 4.2) using bridged networking. I've noticed that the VMware host machine doesn't appear in the scan results. In fact, looking closer, the host doesn't respond to the ARP requests at all - even ones generated by the guest's kernel. It seems the only way to guest ever knows the hosts address is receiving ARP queries inbound. I presume this is due to the VMware virtual switch not forwarding broadcast frames quite right. It may be worth mentioning this in the documentation somewhere as a potential gotcha. I also wondered how the scan detects local addresses - it doesn't generate an ARP request for these. Is it looking at the output of ifconfig? I need a reliable way to detect all hosts on the network. At the moment, my best option seems to be combining an ARP scan with the local ARP cache. I wondered if anyone had any better suggestions? Perhaps I should report this to VMware as a bug. Paul _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ARP scanning and VMware Paul Johnston (Jul 29)