Nmap Development mailing list archives
Fw: wrong/false duplicate MAC in nmap -sP listing
From: Mihu RUCAREANU <mihu_rucareanu () hotmail com>
Date: Thu, 17 Dec 2020 22:04:11 +0000
________________________________
From: Mihu RUCAREANU <mihu_rucareanu () hotmail com>
Sent: December 11, 2020 12:21 AM
To: fyodor () nmap org <fyodor () nmap org>
Subject: wrong/false duplicate MAC in nmap -sP listing

Hi "Fyodor"-Lyon,

I'm an average Linux user, rather beginner and self-taught by trial-and-error, sometimes too perfectionist, but trying to be systematic nonetheless. I'm also an enthusiastic user of your program for detecting when my teenage kids sneak on the network behind my back. ;-)

While trying your program for the past couple of months on my home network composed of a few different OS and architectures, I think that lately I might have noticed a bug in the behaviour of Nmap that has crept in since the last update (approximately a couple of weeks ago) from the official repositories in both Debian and CentOS stable releases that affects the way the latest network protocols are being interpreted in Nmap.

First, I have to state that it all seemed to work quite well for my needs at the beginning, but lately all my Linux machines seem to report one false/wrong MAC address (usually the LAN one is falsely reported as an identical duplicate of the WIFI MAC) for laptops that have acquired two different IPs (one for the LAN and another for the WIFI interface) on the same network.

Please see attached my edited examples from two of my machines (one Debian 10.7 and one CentOS 7.9, both updated to the latest and current official releases) that falsely show identical MAC addresses for the different LAN and WIFI interfaces with their corresponding different IPs on the local network. (Please note the "yy:yy:yy:yy:yy:yy" MAC address that is consistently duplicated in both examples for a Toshiba laptop that has acquired two IPs - one for the LAN interface and one for the WIFI.) It seems to affect my Ubuntu 20.04 machines as well.

Another worrisome behaviour of Nmap comes from the aspect of its inconsistency: both listing file reports are from a simple "nmap -sP" performed on the same local network at the same time, but one detects an Apple iPad and not the iPhone, while the other report does the opposite. As a user I have to combine the two of them to get a (maybe?) more complete report without being certain that I'm still missing a few from my youngsters still playing tricks on me. (I understand that Debian's nmap version 7.70 was not the latest, but was still capable of discovering some of the hidden ones to the CentOS's newest version 7.91 and vice-versa).

Thank you for your consideration,
Mihu
Attachment: nmap_bug_Centos_7p9.txt
Attachment: nmap_bug_Debian_10p7.txt
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
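Added example, not part of the original message and not Nmap code: a way to combine two saved ping-scan listings, as the message describes doing by hand, and to list any MAC address reported for more than one IP. It assumes Nmap's normal text output and IPv4 addresses; the sample listings, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample listings in nmap's normal ping-scan output format.
SCAN_A = """\
Nmap scan report for laptop.lan (192.168.1.20)
Host is up (0.0031s latency).
MAC Address: 02:00:00:BB:BB:02 (Unknown)
Nmap scan report for 192.168.1.21
Host is up (0.0040s latency).
MAC Address: 02:00:00:BB:BB:02 (Unknown)
"""
SCAN_B = """\
Nmap scan report for 192.168.1.20
Host is up (0.0029s latency).
MAC Address: 02:00:00:BB:BB:02 (Unknown)
Nmap scan report for 192.168.1.30
Host is up (0.0100s latency).
MAC Address: 02:00:00:CC:CC:03 (Unknown)
"""
# Matches both "name (ip)" and bare "ip" report headers (IPv4 only).
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})\b")

def parse_scan(text):
    """Return {ip: mac or None}; the scanning host itself has no MAC line."""
    hosts, current = {}, None
    for line in text.splitlines():
        host, mac = HOST_RE.match(line.strip()), MAC_RE.match(line.strip())
        if host:
            current = host.group(1)
            hosts[current] = None
        elif mac and current:
            hosts[current] = mac.group(1).upper()
    return hosts

def merge_scans(*scans):
    """Union several scans; a MAC seen in any scan is kept over None."""
    merged = {}
    for hosts in scans:
        for ip, mac in hosts.items():
            merged[ip] = mac or merged.get(ip)
    return merged

def shared_macs(hosts):
    """Return {mac: sorted ips} for every MAC reported on more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in hosts.items():
        if mac:
            by_mac[mac].add(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}
```

A MAC listed under two IPs here only reproduces what the listings say; comparing it against the interface addresses shown on the laptop itself tells whether the report is wrong.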
Current thread:
- Fw: wrong/false duplicate MAC in nmap -sP listing Mihu RUCAREANU (Jan 03)