Comments on: Log 0.1 – ARP Fingerprinting http://michaeldaw.org/reborn/chapter0/log-01 Weekly humour Thu, 07 May 2009 20:09:50 +0000 http://wordpress.org/?v= hourly 1 By: pagvac http://michaeldaw.org/reborn/chapter0/log-01/comment-page-1#comment-1192 pagvac Wed, 15 Nov 2006 12:20:39 +0000 http://michaeldaw.org/log-01/#comment-1192 No, they *cannot* do ARP OS fingerprinting. I was simply referring to ARP scanning (2nd-layer enumeration of live hosts in current subnet). Sorry about the confusion :-(. However, let's remember that sometimes by simply getting the OID (first-half of the MAC address) you can tell a lot about the target by looking up the vendor name, but obviously it's *not* as accurate as OS fingerprinting. So yes, users interested in 2nd-layer OS *fingerprinting* should then use a tool such as arp-scan, as mentioned by dwk. No, they *cannot* do ARP OS fingerprinting. I was simply referring to ARP scanning (2nd-layer enumeration of live hosts in current subnet). Sorry about the confusion :-(.

However, let’s remember that sometimes by simply getting the OID (first-half of the MAC address) you can tell a lot about the target by looking up the vendor name, but obviously it’s *not* as accurate as OS fingerprinting.

So yes, users interested in 2nd-layer OS *fingerprinting* should then use a tool such as arp-scan, as mentioned by dwk.

]]> By: david.kierznowski http://michaeldaw.org/reborn/chapter0/log-01/comment-page-1#comment-70 david.kierznowski Mon, 25 Sep 2006 09:04:22 +0000 http://michaeldaw.org/log-01/#comment-70 pagvac, Yeh, but can they perform ARP OS Fingerprinting? :) pagvac,

Yeh, but can they perform ARP OS Fingerprinting? :)

]]> By: pagvac http://michaeldaw.org/reborn/chapter0/log-01/comment-page-1#comment-69 pagvac Mon, 25 Sep 2006 08:56:25 +0000 http://michaeldaw.org/log-01/#comment-69 Also worth it mentioning that arp scanning can be done with popular tools such as nmap and Cain (for those that are lazy to download a different tool :-) ). My favorite nmap arp scan command: nmap -n -T5 -sP -PR 192.168.1.0/24 In Cain: Sniffer/Hosts/(Right-click) Scan MAC Addresses Also worth it mentioning that arp scanning can be done with popular tools such as nmap and Cain (for those that are lazy to download a different tool :-) ).

My favorite nmap arp scan command:

nmap -n -T5 -sP -PR 192.168.1.0/24

In Cain:

Sniffer/Hosts/(Right-click) Scan MAC Addresses

]]>