[CentOS] NMAP - reveal MAC address
Morten Nilsen
morten at runsafe.no
Wed May 7 22:15:49 UTC 2008
Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC
> of the host being scanned ?
Others have given you good answers, but I felt I could share some
insight on the matter..
The MAC address of a NIC is used by switches to send packets out the
right port - As soon as you add a routing element, all traffic to a
routed IP appears to be destined for the router, if one goes by the MAC
address in the packet.
If the destination MAC were to be encoded in the packet, no switches
would be able to keep their internal tables sane, as it would be flooded
with MACs, all on the same port (the one connected to the gateway).
When a switch recieves a packet adressed to a MAC that doesn't appear in
the switch-internal list, the packet will be flooded (sent out on all
ports). Once a packet from that MAC passes through the switch, that MAC
will be added to the list, and future packets only leave that one port.
The main function of a switch is to keep irrelevant packets away from
hosts, but packets to unknown (to the switch) hosts get sent everywhere,
just like a Hub would do.
--
Cheers,
Morten
:wq
More information about the CentOS
mailing list