[CentOS] NMAP - reveal MAC address

Wed May 7 22:15:49 UTC 2008
Morten Nilsen <morten at runsafe.no>

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the MAC 
> of the host being scanned ?

Others have given you good answers, but I felt I could share some 
insight on the matter..

The MAC address of a NIC is used by switches to send packets out the 
right port - As soon as you add a routing element, all traffic to a 
routed IP appears to be destined for the router, if one goes by the MAC 
address in the packet.

If the destination MAC were to be encoded in the packet, no switches 
would be able to keep their internal tables sane, as it would be flooded 
with MACs, all on the same port (the one connected to the gateway).

When a switch recieves a packet adressed to a MAC that doesn't appear in 
the switch-internal list, the packet will be flooded (sent out on all 
ports). Once a packet from that MAC passes through the switch, that MAC 
will be added to the list, and future packets only leave that one port.

The main function of a switch is to keep irrelevant packets away from 
hosts, but packets to unknown (to the switch) hosts get sent everywhere, 
just like a Hub would do.