[CentOS] NMAP - reveal MAC address

2008-05-07 Thread Tom Brown
In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC 
of the host being scanned ?


I can't seem to find it and I am using nmap-4.20 - I am sure this was 
available somehow on older releases.


thanks

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread Michael Semcheski
Sorry I don't have the answer off hand, but it might be as simple as
increasing the level of verbosity.  Another option is the 'arp' command, at
least if the host is on the same network.

Mike

On Wed, May 7, 2008 at 12:07 PM, Tom Brown <[EMAIL PROTECTED]> wrote:

> In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC of
> the host being scanned ?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was
> available somehow on older releases.
>
> thanks


Re: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread Dennis McLeod

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the
> MAC of the host being scanned ?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was
> available somehow on older releases.
>
> thanks



Must be some other issue

[EMAIL PROTECTED] ~]# nmap XXX.XXX.XXX.101

Starting Nmap 4.52 ( http://insecure.org ) at 2008-05-07 10:45 PDT
Interesting ports on XXX.XXX.XXX.101:
Not shown: 1712 closed ports
PORT     STATE SERVICE
80/tcp   open  http
1024/tcp open  kdm
MAC Address: 00:B0:19:FF:8C:D4 (Casi-Rusco)

Nmap done: 1 IP address (1 host up) scanned in 2.029 seconds
[EMAIL PROTECTED] ~]#

Appears to not require any switches.


Re: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread John R Pierce

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the
> MAC of the host being scanned ?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was
> available somehow on older releases.


MAC address is only available on the same network segment... And, I've 
noticed the newer versions of nmap only seem to show it if you run it as 
root


$ sudo nmap -sP -n 192.168.0.0/24
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-06 23:30 PDT
Host 192.168.0.1 appears to be up.
MAC Address: 00:04:75:74:0B:3C (3 Com)
Host 192.168.0.2 appears to be up.
MAC Address: 00:14:85:89:3F:1B (Giga-Byte)
Host 192.168.0.3 appears to be up.
MAC Address: 00:07:E9:DE:CC:B7 (Intel)
Host 192.168.0.10 appears to be up.
Host 192.168.0.140 appears to be up.
MAC Address: 00:0E:35:C6:F1:95 (Intel)
Host 192.168.0.144 appears to be up.
MAC Address: 00:13:CE:67:DC:12 (Intel Corporate)
Host 192.168.0.251 appears to be up.
MAC Address: 00:0F:66:A0:58:ED (Cisco-Linksys)
Nmap finished: 256 IP addresses (7 hosts up) scanned in 6.576 seconds

vs...

$ nmap -sP -n 192.168.0.0/24
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-07 11:17 PDT
Host 192.168.0.1 appears to be up.
Host 192.168.0.2 appears to be up.
Host 192.168.0.3 appears to be up.
Host 192.168.0.10 appears to be up.
Host 192.168.0.251 appears to be up.
Nmap finished: 256 IP addresses (5 hosts up) scanned in 2.402 seconds
You have new mail in /var/spool/mail/pierce

$ nmap -V
Nmap version 4.11 ( http://www.insecure.org/nmap/ )
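Added example (not part of the original thread): a small awk parser for the Nmap 4.11 "-sP" output format shown above. It pairs each live host with the "MAC Address:" line that follows it and marks hosts that have none, as in the run without root. The sample input and the function names are constructed for this example.

```shell
#!/bin/sh
# Constructed sample in the Nmap 4.11 "-sP" output format
# (addresses, MACs and vendor names are made up for this example).
sample_scan() {
cat <<'EOF'
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-06 23:30 PDT
Host 10.0.0.1 appears to be up.
MAC Address: 00:16:3E:00:00:01 (Vendor A)
Host 10.0.0.7 appears to be up.
Host 10.0.0.9 appears to be up.
MAC Address: 00:16:3E:AA:BB:CC (Vendor B)
Nmap finished: 256 IP addresses (3 hosts up) scanned in 6.576 seconds
EOF
}

# Read ping-scan output on stdin; print "ip mac vendor" per live host.
# mac and vendor are "-" when no "MAC Address:" line followed the host.
nmap_ip_mac() {
    awk '
    function emit() { if (ip != "") print ip, mac, vendor; ip = "" }
    /^Host .* appears to be up\.$/ {
        emit(); ip = $2; mac = "-"; vendor = "-"; next
    }
    /^MAC Address: / && ip != "" {
        mac = tolower($3)
        vendor = $0
        sub(/^[^(]*\(/, "", vendor)   # drop everything up to "("
        sub(/\)[^)]*$/, "", vendor)   # drop the closing ")"
        gsub(/ /, "_", vendor)        # keep the record at three fields
        next
    }
    END { emit() }
    '
}

# Hosts that answered but have no MAC: typically the scanning host itself,
# hosts on another segment, or every host when the scan ran without root.
hosts_without_mac() {
    nmap_ip_mac | awk '$2 == "-" { print $1 }'
}

sample_scan | nmap_ip_mac
```
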


Re: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread Morten Nilsen

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC
> of the host being scanned ?


Others have given you good answers, but I felt I could share some 
insight on the matter..


The MAC address of a NIC is used by switches to send packets out the 
right port - As soon as you add a routing element, all traffic to a 
routed IP appears to be destined for the router, if one goes by the MAC 
address in the packet.


If the destination MAC were to be encoded in the packet, no switches 
would be able to keep their internal tables sane, as it would be flooded 
with MACs, all on the same port (the one connected to the gateway).


When a switch receives a packet addressed to a MAC that doesn't appear in 
the switch-internal list, the packet will be flooded (sent out on all 
ports). Once a packet from that MAC passes through the switch, that MAC 
will be added to the list, and future packets only leave that one port.


The main function of a switch is to keep irrelevant packets away from 
hosts, but packets to unknown (to the switch) hosts get sent everywhere, 
just like a Hub would do.


--
Cheers,
Morten
:wq


Re: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread Tom Brown




> Others have given you good answers, but I felt I could share some
> insight on the matter..
>
> The MAC address of a NIC is used by switches to send packets out the
> right port - As soon as you add a routing element, all traffic to a
> routed IP appears to be destined for the router, if one goes by the
> MAC address in the packet.
>
> If the destination MAC were to be encoded in the packet, no switches
> would be able to keep their internal tables sane, as it would be
> flooded with MACs, all on the same port (the one connected to the
> gateway).
>
> When a switch receives a packet addressed to a MAC that doesn't appear
> in the switch-internal list, the packet will be flooded (sent out on
> all ports). Once a packet from that MAC passes through the switch,
> that MAC will be added to the list, and future packets only leave that
> one port.
>
> The main function of a switch is to keep irrelevant packets away from
> hosts, but packets to unknown (to the switch) hosts get sent
> everywhere, just like a Hub would do.




yes - thanks all, it appears it's a cross network 'issue'

thanks



RE: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread Clonch, Christopher A.
>> The main function of a switch is to keep irrelevant packets away from
>> hosts, but packets to unknown (to the switch) hosts get sent
>> everywhere, just like a Hub would do.
>>
>
>yes - thanks all, it appears it's a cross network 'issue'
>
>thanks

If you're trying to get a MAC address across your own switches, you
could try walking the switch's forwarding table (assuming SNMP
availability).  It's a cheesy way but works!

-Chris 

--
"This electronic message transmission contains
confidential or privileged information from Mount
Carmel .  The information is intended for use by the
individual or entity named above.  If you are not the
intended recipient, be aware that any disclosure,
copying, distribution or use of the contents of this 
information is prohibited.  If you have received this
electronic transmission in error, please notify us
immediately by telephone (614-234-8700) or by electronic
mail ([EMAIL PROTECTED])."
==



Re: [CentOS] NMAP - reveal MAC address

2008-05-07 Thread centos
On Wed, 7 May 2008 21:47:51 -0400
"Clonch, Christopher A." <[EMAIL PROTECTED]> wrote:

> >> The main function of a switch is to keep irrelevant packets away from
> >> hosts, but packets to unknown (to the switch) hosts get sent
> >> everywhere, just like a Hub would do.
> >>
> >
> >yes - thanks all, it appears it's a cross network 'issue'
> >
> >thanks
> 
> If you're trying to get a MAC address across your own switches, you
> could try walking the switch's forwarding table (assuming SNMP
> availability).  It's a cheesy way but works!

This will only work on a local network: 
once you have the IP address, you can do an arp -v

You cannot get the MAC address of a routed IP address, it only exists on a
local network.


-- 
Thanks
http://www.911networks.com
When the network has to work


RE: [CentOS] NMAP - reveal MAC address

2008-05-08 Thread Clonch, Christopher A.
> This will only work on a local network:
> once you have the IP address, you can do an arp -v
>
> You cannot get the MAC address of a routed IP address, it only exists
> on a local network.

Here's the code snippet I've used to walk a router's MAC table:

# -F with the leading "." and trailing " =" matches the exact IP only
# (so 192.168.0.1 does not also match 192.168.0.10).
snmpwalk -v 1 -c public "${GWADDR}" ipNetToMediaPhysAddress \
| grep -F ".${IPADDR} =" | awk '{print $4}'

${GWADDR} is your router's IP and ${IPADDR} is the target's IP.  This
allows you to get MACs in another network.  Would probably only work
for one hop; everything I have tried it on was only a single hop away.

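Added example, not part of the original message: an exact-match lookup over snmpwalk output for ipNetToMediaPhysAddress that also zero-pads the MAC so it can be compared with Nmap or arp output. It assumes net-snmp's "STRING: 0:16:3e:..." and "Hex-STRING: 00 16 3E ..." value forms; the sample lines and the function names are constructed for this example.

```shell
#!/bin/sh
# Constructed sample of net-snmp snmpwalk output for ipNetToMediaPhysAddress
# (interface indexes, addresses and MACs are made up for this example).
sample_walk() {
cat <<'EOF'
IP-MIB::ipNetToMediaPhysAddress.2.10.0.0.1 = STRING: 0:16:3e:a:b:c
IP-MIB::ipNetToMediaPhysAddress.2.10.0.0.10 = STRING: 0:16:3e:11:22:33
IP-MIB::ipNetToMediaPhysAddress.2.10.0.0.100 = STRING: 0:16:3e:44:55:66
IP-MIB::ipNetToMediaPhysAddress.3.10.0.1.5 = Hex-STRING: 00 16 3E DE CC B7
EOF
}

# mac_for_ip IP: read snmpwalk output on stdin and print the MAC recorded for
# exactly IP, lower-case and zero-padded. Exit status 1 if there is no entry.
mac_for_ip() {
    awk -v ip="$1" '
    {
        # The OID index is <ifIndex>.<a>.<b>.<c>.<d>; compare the last four
        # parts as a whole so 10.0.0.1 does not also match 10.0.0.10.
        n = split($1, p, "[.]")
        if (n < 5 || (p[n-3] "." p[n-2] "." p[n-1] "." p[n]) != ip) next
        if ($3 == "Hex-STRING:" && NF >= 9)
            m = split($4 ":" $5 ":" $6 ":" $7 ":" $8 ":" $9, o, ":")
        else
            m = split($NF, o, ":")
        if (m != 6) next            # not a 6-octet Ethernet address
        for (i = 1; i <= 6; i++) {
            octet = tolower(o[i])
            if (length(octet) == 1) octet = "0" octet
            mac = (i == 1) ? octet : mac ":" octet
        }
        print mac; found = 1; exit
    }
    END { exit !found }
    '
}

sample_walk | mac_for_ip 10.0.0.1
```

Against a live router the input would come from the snmpwalk command in the message above, piped into mac_for_ip with the target's IP as its argument.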


RE: [CentOS] NMAP - reveal MAC address

2008-05-08 Thread Flaherty, Patrick
> >> The main function of a switch is to keep irrelevant packets away from
> >> hosts, but packets to unknown (to the switch) hosts get sent
> >> everywhere, just like a Hub would do.
> >>
> >
> >yes - thanks all, it appears it's a cross network 'issue'
> >
> >thanks
> 
> If you're trying to get a MAC address across your own switches, you
> could try walking the switch's forwarding table (assuming SNMP
> availability).  It's a cheesy way but works!

If you have CDP enabled switches, try one of the magic auto discovery
programs out there. I use NetDisco (netdisco.org), but there is also
nTop and a ton of commercial apps. CDP is Cisco, but all the major
vendors have a similar protocol. NetDisco has a web interface listing
what MACs/VLANs showed up on what ports, duplex mismatches, and all your
switch OS/patch levels.

Patrick