Nmap Development mailing list archives
[Patch] Fixing the MAC address in Nmap's ARP discovery
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Tue, 27 May 2014 13:39:33 +0530
Hi All!

Nmap's ARP discovery uses the wrong MAC address in the target field of ARP requests. It uses ff:ff:ff:ff:ff:ff instead of the 00:00:00:00:00:00 that all other IP stacks (Linux, Win) use. This allows people to trivially discover Nmap scans on their network. This was reported by A Brodskiy. Link: [1].

I modified some code in scan_engine.cc that makes sure that 00:00:00:00:00:00 is used instead. (Patch is attached)

After the patch, the arp packets for the OS and arp packets from Nmap are indistinguishable. I have tested the patch and it seems to leave all other functionality unchanged.

Feedback is welcome as always. :)

PS: Thanks for the report Alex. :)

Cheers
Jay

Links:
[1] http://seclists.org/nmap-dev/2011/q3/547
Attachment: arp.patch
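The difference described in the message above can be checked on the monitoring side by reading the target hardware address field of each ARP request. The following is an added example, not part of the original post or of Nmap's code; it assumes untagged Ethernet/IPv4 ARP frames, and the function names, MAC addresses and IP addresses are constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
BROADCAST, ZERO = b"\xff" * 6, b"\x00" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def arp_request_fields(frame):
    """Return (sender_mac, target_hw_addr) for an untagged Ethernet/IPv4
    ARP request, or None for anything else (short, non-ARP, replies)."""
    if len(frame) < 42:                       # 14-byte Ethernet + 28-byte ARP
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper=1 (request)
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
        return None
    sha, _spa, tha, _tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return sha, tha

def classify(frame):
    """Label an ARP request by the value in its target hardware address."""
    parsed = arp_request_fields(frame)
    if parsed is None:
        return None
    labels = {ZERO: "zero-target", BROADCAST: "broadcast-target"}
    return labels.get(parsed[1], "other-target")

def broadcast_target_senders(frames):
    """Count requests with target field ff:ff:ff:ff:ff:ff per sender MAC."""
    hits = Counter()
    for f in frames:
        parsed = arp_request_fields(f)
        if parsed and parsed[1] == BROADCAST:
            hits[mac(parsed[0])] += 1
    return dict(hits)

def build_request(sha, spa, tha, tpa):
    """Build a sample ARP request frame (constructed data, not a capture)."""
    eth = BROADCAST + sha + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + tha + tpa

# Constructed samples: one request with a zero target field, two with ff:..:ff.
HOST, SCANNER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLES = [
    build_request(HOST, bytes([192, 0, 2, 10]), ZERO, bytes([192, 0, 2, 1])),
    build_request(SCANNER, bytes([192, 0, 2, 66]), BROADCAST, bytes([192, 0, 2, 1])),
    build_request(SCANNER, bytes([192, 0, 2, 66]), BROADCAST, bytes([192, 0, 2, 2])),
]
```

Per the message, requests sent after the patch carry 00:00:00:00:00:00 in this field, so this check only separates unpatched builds from the OS stack.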