Re: scan for machines in the subnet



On Mon, 05 Mar 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <45ebf363$0$24618$8404b019@xxxxxxxxxxxxxxx>, David Brown wrote:

Chris Cox wrote:

Moe Trin wrote:

The only hosts that won't be found are those that have disabled ARP on
their network setup, OR are using off-network IP addresses that you did
not try to talk to. ARP is lower in the stack than firewall code, and
even if a host is dropping all TCP, UDP, or ICMP (etc.) packets, it will
still respond to an ARP packet addressed to it's IP address.

A switch on a meshed network can reply to ARP with it's own MAC.

I've just run Patrick's nmap scan on our office network, and I don't see
any indication that our switches are modifying the MACs, based on nmap's
partial identification of the companies owning the MAC addresses found.

Note he wrote "can", and not "will". Generally speaking, those switches
that do substitute the MAC will have intelligence and will provide access
(possibly through SNMP - possibly via other protocols) to their internal
table of "who is on which port".

I would have thought that a switch would not modify the MAC - after all,
it would mess up things like statically assigned IP addresses issued by
a DHCP server.

True - but if you're going to statically assign IP addresses, why not do
so directly? It usually takes less time to do so.

Old guy

.



Relevant Pages

  • Re: All I have is the MAC address which are on our LAN so no routers are involved.
    ... echo Clearing ARP Cache ... an IP on MAC How to use TCP/IP without installing a NIC. ... How to Setup Windows, Network, VPN & Remote Access on = ... Anyway now I have the list of machines with MAC and IP, ...
    (microsoft.public.windowsxp.network_web)
  • Re: Re: All I have is the MAC address which are on our LAN so no routers are involved.
    ... addresses and then check the arp cache with "arp -a". ... an IP on MAC How to use TCP/IP without installing a NIC. ... How to Setup Windows, Network, VPN & Remote Access on = ... Anyway now I have the list of machines with MAC and IP, ...
    (microsoft.public.windowsxp.network_web)
  • RE: gratuitous arp and bad mac
    ... Are you implementing any Layer 2 Switch Fault Tolerance? ... public network only but also NOT recommened in a cluster. ... > I looked at the arp table and found that the mac address for ... > sql-a was now matching the mac for node2. ...
    (microsoft.public.windows.server.clustering)
  • Re: Nmap questions concering my router
    ... >> configure a free IP address in the network. ... ARP is a stateless protocol. ... ARP REPLY packets to any host or switch, who should believe, that an IP ... address is now attached to another MAC address, see RFC 826 / STD 0037. ...
    (comp.security.firewalls)
  • Re: MAC address spoofing - conflict?
    ... That being the case I would think that all network cards on that collision domain would get the packet. ... ARP broadcasts and the question is what will happen. ... ARP asks for an _IP_ address, not a MAC one. ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)