Nmap Development mailing list archives
scanning localhost through ARP poisoning
From: "Mike ." <dmciscobgp () hotmail com>
Date: Mon, 14 Apr 2014 21:57:07 +0000
Years ago this is how I scanned localhost (Windows). You could simply find an unused IP on your subnet, do a quick gratuitous ARP request, grab that IP and use it for your -S source. The command would be something like:

    nmap -n -P0 -T4 -e eth0 (port range) -S (ip you have poisoned) (your ip)

I am asking about this because it has been YEARS since I touched nmap and I just d/led it today, so I am not aware of any changes that might have broken that method. Can it still be done? I ran it for more than 20 minutes using ARP-sk to get my ARP poison and I could not get nmap to notice the "borrowed" IP. Like I said, I did this all the time back in the day with no issues. I could do SYN scans or even UDP. The only way I can scan myself now is with a connect() scan, and it seems to take forever after it finds the first few open ports.

I am behind a NATed router (192 blah), so I have no idea if the ARP poison can still work. I injected random 192 addresses and got nowhere. If you can help with this, I would appreciate it.

Thank you,
m|ke
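A defender-side check for the kind of ARP activity described above, added here as an example and not part of the original post or of Nmap or ARP-sk: it parses raw Ethernet/ARP frames and flags a gratuitous ARP that claims an IP never seen before, and any later change of an IP's MAC binding (the classic arpwatch-style alert). The frames are constructed inline; the MAC and IP values are made up.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(frame: bytes):
    """Return a dict describing an Ethernet/ARP frame, or None if it is not ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return {
        "op": op,
        "sender_mac": sha.hex(":"),
        "sender_ip": ".".join(map(str, spa)),
        "target_mac": tha.hex(":"),
        "target_ip": ".".join(map(str, tpa)),
        # Gratuitous ARP: the sender announces its own address (sender IP == target IP).
        "gratuitous": spa == tpa,
    }


class ArpWatch:
    """Track IP -> MAC bindings and flag gratuitous claims and binding changes."""

    def __init__(self):
        self.bindings = {}

    def feed(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None:
            return []
        alerts, ip, mac = [], arp["sender_ip"], arp["sender_mac"]
        known = self.bindings.get(ip)
        if known is None and arp["gratuitous"]:
            alerts.append(f"gratuitous ARP claims unseen IP {ip} for {mac}")
        elif known is not None and known != mac:
            alerts.append(f"binding change for {ip}: {known} -> {mac}")
        self.bindings[ip] = mac
        return alerts


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed Ethernet/ARP frame (sample input, not captured traffic)."""
    def mac(s): return bytes.fromhex(s.replace(":", ""))
    def ip(s): return bytes(int(o) for o in s.split("."))
    eth = ETH_HDR.pack(mac("ff:ff:ff:ff:ff:ff"), mac(sender_mac), ETHERTYPE_ARP)
    return eth + ARP_HDR.pack(1, 0x0800, 6, 4, op, mac(sender_mac), ip(sender_ip),
                              mac(target_mac), ip(target_ip))


SAMPLE_FRAMES = [  # constructed: a genuine reply, a gratuitous claim, then a conflicting reply
    build_arp(ARP_REPLY, "00:11:22:33:44:55", "192.168.1.1", "66:77:88:99:aa:bb", "192.168.1.10"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.200", "ff:ff:ff:ff:ff:ff", "192.168.1.200"),
    build_arp(ARP_REPLY, "00:11:22:33:44:99", "192.168.1.200", "66:77:88:99:aa:bb", "192.168.1.10"),
]


def run_sample():
    """Feed the constructed frames through the watcher; returns the list of alerts."""
    watch = ArpWatch()
    return [alert for frame in SAMPLE_FRAMES for alert in watch.feed(frame)]
```

On a real segment the same logic would be fed from a packet capture; a single gratuitous claim is normal after a host boots, so the binding-change alert is the one worth escalating.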