diff --git a/scan_engine.cc b/scan_engine.cc
index f1e754a2c..3120319ae 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -3284,7 +3284,10 @@ static UltraProbe *sendArpScanProbe(UltraScanInfo *USI, HostScanStats *hss,
 ETH_TYPE_ARP);
 arp_pack_hdr_ethip(frame + ETH_HDR_LEN, ARP_OP_REQUEST,
 *hss->target->SrcMACAddress(), *hss->target->v4sourceip(),
- ETH_ADDR_BROADCAST, *hss->target->v4hostip());
+ "\x00\x00\x00\x00\x00\x00", *hss->target->v4hostip());
+// RFC 826 says that the ar$tha field need not be set to anything in particular (i.e. its value doesn't matter)
+// We use 00:00:00:00:00:00 since that is what IP stacks in currently popular operating systems use
+
 gettimeofday(&USI->now, NULL);
 probe->sent = USI->now;
 hss->probeSent(sizeof(frame));
diff --git a/todo/nmap.txt b/todo/nmap.txt
index 234f347e0..5b8902a6f 100644
--- a/todo/nmap.txt
+++ b/todo/nmap.txt
@@ -67,9 +67,6 @@ o GSOC 2014 student Jay will be looking at these items:
 http://seclists.org/nmap-dev/2012/q4/420.
 o Implement an --exclude-ports option. See
 http://seclists.org/nmap-dev/2012/q1/275
- o Investigate report of Nmap ARP discovery using the wrong target MAC
- address field in ARP requests (it is correct in the ethernet frame
- itself). See this thread: http://seclists.org/nmap-dev/2011/q3/547
 o [Zenmap] Combine parallel timed-out hops into one node in the topology
 view. http://seclists.org/nmap-dev/2012/q1/82 has a patch, however it
 doesn't handle the case of two or more consecutive
@@ -829,6 +826,10 @@ o random tip database
 
 DONE:
 
+o Investigate report of Nmap ARP discovery using the wrong target MAC
+ address field in ARP requests (it is correct in the ethernet frame
+ itself). See this thread: http://seclists.org/nmap-dev/2011/q3/547
+
 o Add randomizer to configure script so that a random ASCII art from
 docs/leet-nmap-ascii-art*.txt is printed. I think I'll start naming
 them leet-nmap-ascii-art-submittername.txt.
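Review bot: The target hardware address on the added arp_pack_hdr_ethip line is a bare `"\x00\x00\x00\x00\x00\x00"` literal where the removed line passed the named `ETH_ADDR_BROADCAST`, so a reader now has to count escaped bytes and find the trailing comment to know what goes into ar$tha; defining a named all-zero address constant alongside ETH_ADDR_BROADCAST and passing that keeps the call site self-describing and matches how the rest of the call names its fields. The two explanatory `//` lines are also placed after the statement at column 0, which breaks the function's indentation and reads as if they describe the gettimeofday() call that follows; move them directly above `arp_pack_hdr_ethip(frame + ETH_HDR_LEN, ARP_OP_REQUEST,` and indent them with it. It would help to state the motivation the todo entry implies, e.g. `// Matching what common IP stacks send here avoids making Nmap's ARP requests stand out from ordinary traffic` — that is inferred from the linked thread, so confirm the wording against it. The body of sendArpScanProbe starts before and ends after this hunk.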