In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC of the host being scanned?

I can't seem to find it and I am using nmap-4.20 - I am sure this was available somehow on older releases.

thanks

Sorry, I don't have the answer offhand, but it might be as simple as increasing the level of verbosity. Another option is the 'arp' command, at least if the host is on the same network.

Mike

On Wed, May 7, 2008 at 12:07 PM, Tom Brown <tom at ng23.net> wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC of
> the host being scanned?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was
> available somehow on older releases.
>
> thanks
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the
> MAC of the host being scanned?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was
> available somehow on older releases.
>
> thanks

Must be some other issue....

[root@localhost ~]# nmap XXX.XXX.XXX.101

Starting Nmap 4.52 ( http://insecure.org ) at 2008-05-07 10:45 PDT
Interesting ports on XXX.XXX.XXX.101:
Not shown: 1712 closed ports
PORT     STATE SERVICE
80/tcp   open  http
1024/tcp open  kdm
MAC Address: 00:B0:19:FF:8C:D4 (Casi-Rusco)

Nmap done: 1 IP address (1 host up) scanned in 2.029 seconds
[root@localhost ~]#

Appears to not require any switches.....

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the
> MAC of the host being scanned?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was
> available somehow on older releases.

MAC address is only available on the same network segment...

And, I've noticed the newer versions of nmap only seem to show it if you run it as root....

$ sudo nmap -sP -n 192.168.0.0/24

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-06 23:30 PDT
Host 192.168.0.1 appears to be up.
MAC Address: 00:04:75:74:0B:3C (3 Com)
Host 192.168.0.2 appears to be up.
MAC Address: 00:14:85:89:3F:1B (Giga-Byte)
Host 192.168.0.3 appears to be up.
MAC Address: 00:07:E9:DE:CC:B7 (Intel)
Host 192.168.0.10 appears to be up.
Host 192.168.0.140 appears to be up.
MAC Address: 00:0E:35:C6:F1:95 (Intel)
Host 192.168.0.144 appears to be up.
MAC Address: 00:13:CE:67:DC:12 (Intel Corporate)
Host 192.168.0.251 appears to be up.
MAC Address: 00:0F:66:A0:58:ED (Cisco-Linksys)
Nmap finished: 256 IP addresses (7 hosts up) scanned in 6.576 seconds

vs...

$ nmap -sP -n 192.168.0.0/24

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-07 11:17 PDT
Host 192.168.0.1 appears to be up.
Host 192.168.0.2 appears to be up.
Host 192.168.0.3 appears to be up.
Host 192.168.0.10 appears to be up.
Host 192.168.0.251 appears to be up.
Nmap finished: 256 IP addresses (5 hosts up) scanned in 2.402 seconds
You have new mail in /var/spool/mail/pierce

$ nmap -V

Nmap version 4.11 ( http://www.insecure.org/nmap/ )

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC
> of the host being scanned?

Others have given you good answers, but I felt I could share some insight on the matter..

The MAC address of a NIC is used by switches to send packets out the right port - As soon as you add a routing element, all traffic to a routed IP appears to be destined for the router, if one goes by the MAC address in the packet. If the destination MAC were to be encoded in the packet, no switches would be able to keep their internal tables sane, as it would be flooded with MACs, all on the same port (the one connected to the gateway).

When a switch receives a packet addressed to a MAC that doesn't appear in the switch-internal list, the packet will be flooded (sent out on all ports). Once a packet from that MAC passes through the switch, that MAC will be added to the list, and future packets only leave that one port.

The main function of a switch is to keep irrelevant packets away from hosts, but packets to unknown (to the switch) hosts get sent everywhere, just like a Hub would do.

-- 
Cheers,
Morten
:wq
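
The switch behaviour described in the last message, as an added example that is not part of the original thread: a small Python model of a learning switch that floods frames for unknown destinations, learns source MACs, and only ever sees the router's MAC for traffic from other subnets. The class name, port numbers and addresses are assumptions constructed for illustration.

```python
# Minimal learning-switch model (added illustration; names are hypothetical).
class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it leaves on."""
        self.table[src_mac] = in_port          # learn from the source address
        out = self.table.get(dst_mac)
        if out is None:                        # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                     # destination sits on the ingress port
            return []
        return [out]                           # known destination: one port only


# Constructed sample addresses (documentation ranges).
HOST_A = "00:00:5e:00:53:0a"   # attached to port 1
HOST_B = "00:00:5e:00:53:0b"   # attached to port 2
ROUTER = "00:00:5e:00:53:01"   # gateway attached to port 4


def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    results = {}
    # A sends to B before B has ever spoken: the frame is flooded.
    results["first"] = sw.receive(1, HOST_A, HOST_B)
    # B replies: A was learned from the first frame, so only port 1 is used.
    results["reply"] = sw.receive(2, HOST_B, HOST_A)
    # A sends to B again: B is now in the table, so only port 2 is used.
    results["second"] = sw.receive(1, HOST_A, HOST_B)
    # Three remote hosts reach A through the router. Every frame carries the
    # router's MAC as its source, so the remote hosts' MACs are never seen.
    for _remote_ip in ("198.51.100.7", "198.51.100.8", "198.51.100.9"):
        sw.receive(4, ROUTER, HOST_A)
    results["table"] = dict(sw.table)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The final table holds three entries (two hosts and the router), which is why a scanner on this segment can report a MAC for local hosts but only the gateway's MAC stands behind anything routed.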