TinyApps.Org
Small is beautiful


nmap not displaying MAC addresses
This will be obvious to regular nmap users, but Google did not turn up a quick and ready answer for why MAC addresses were not appearing during a ping scan:
$ nmap -sP 192.168.1.0/24

Starting Nmap 4.68 ( http://nmap.org ) at 2009-04-03 07:05 HST
Host 192.168.1.1 appears to be up.
Host 192.168.1.3 appears to be up.
Host 192.168.1.6 appears to be up.
...
Nmap done: 256 IP addresses (10 hosts up) scanned in 1.373 seconds
I initially just added && arp -a | grep -v 'incomplete' to get the MAC addresses, but that was rather inelegant (and slow). Finally I stumbled onto the answer in the nmap book:
The -sP option sends an ICMP echo request and a TCP ACK packet to port 80 by default. When executed by an unprivileged user, only a SYN packet is sent (using a connect call) to port 80 on the target. When a privileged user tries to scan targets on a local ethernet network, ARP requests are used unless --send-ip was specified.
I felt the gentle scolding of Holmes ("One more coruscation, my dear Watson -- yet another brain-wave!") as I realized that most of the nmap examples were from a root prompt - ah!
$ sudo nmap -sP 192.168.1.0/24
Password:

Starting Nmap 4.68 ( http://nmap.org ) at 2009-04-03 07:12 HST
Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:xx:xx:xx (Cisco-Linksys)
Host 192.168.1.3 appears to be up.
MAC Address: 00:0D:0B:xx:xx:xx (Buffalo)
Host 192.168.1.6 appears to be up.
MAC Address: 00:1F:F3:xx:xx:xx (Apple)
...
Nmap done: 256 IP addresses (10 hosts up) scanned in 4.809 seconds

/nix | Apr 03, 2009


