nmap scan results are inconsistent

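I'm developing a program that relies on scanning all connected devices on the local network and getting their MAC addresses.

To do this, I run the following command: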

nmap -sn 10.0.0.*

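For the most part, this works. The problem I'm running into is that sometimes the results correctly output information about all the devices on the network, but sometimes it only outputs information about my router.

I know that devices may sometimes temporarily drop off the network, but it seems there should be at least two results returned (one from the computer I'm running the command on and one from the router).

Is there any reason that would explain this behavior, or a situation that could cause it? Alternatively, is there a better way to achieve the same result more consistently?

If it's relevant, I'm running nmap 6.47, installed with brew, on a MacBook connected wirelessly to the router.

Update

After making the samples, I realized that I never actually get fewer than two results. It's just that the address of the computer I'm running the command from (10.0.0.54) doesn't return a MAC address. Sorry, I was running the output through grep to extract the MAC addresses. However, when I made the samples, there were definitely more than two devices on the network - at least one of my other computers was connected.

Samples:

Normal results: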

$ nmap -sn 10.0.0.*
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-03 18:53 CDT
Nmap scan report for 10.0.0.1
Host is up (0.0043s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.50
Host is up (0.023s latency).
MAC Address: B0:05:94:04:CA:75 (Liteon Technology)
Nmap scan report for 10.0.0.51
Host is up (0.080s latency).
MAC Address: F8:27:93:B4:09:F9 (Apple)
Nmap scan report for 10.0.0.57
Host is up (0.093s latency).
MAC Address: 78:4B:87:47:EA:50 (Murata Manufacturing Co.)
Nmap scan report for 10.0.0.58
Host is up (0.070s latency).
MAC Address: A4:5E:60:B8:D5:A7 (Unknown)
Nmap scan report for 10.0.0.59
Host is up (0.094s latency).
MAC Address: 70:3E:AC:1C:DB:D8 (Unknown)
Nmap scan report for 10.0.0.54
Host is up.
Nmap done: 256 IP addresses (7 hosts up) scanned in 26.23 seconds

Fewer devices than expected:

$ nmap -sn 10.0.0.*
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-03 18:55 CDT
Nmap scan report for 10.0.0.1
Host is up (0.0044s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.54
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.04 seconds

$ nmap -sn 10.0.0.*
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-03 18:55 CDT
Nmap scan report for 10.0.0.1
Host is up (0.0034s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.54
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.03 seconds

$ nmap -sn 10.0.0.*
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-03 18:55 CDT
Nmap scan report for 10.0.0.1
Host is up (0.0037s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.54
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.06 seconds

Normal results again:

$ nmap -sn 10.0.0.*
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-03 18:55 CDT
Nmap scan report for 10.0.0.1
Host is up (0.025s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.50
Host is up (0.054s latency).
MAC Address: B0:05:94:04:CA:75 (Liteon Technology)
Nmap scan report for 10.0.0.57
Host is up (0.054s latency).
MAC Address: 78:4B:87:47:EA:50 (Murata Manufacturing Co.)
Nmap scan report for 10.0.0.54
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 7.79 seconds

Answer 1

[vagrant@controller ~]$ man nmap
-d: Increase debugging level (use -dd or more for greater effect)

Add -d to increase the debugging level

[vagrant@controller ~]$ nmap -sn X.* -d

Starting Nmap 6.40 ( http://nmap.org ) at 2015-07-04 00:20 UTC
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Initiating Ping Scan at 00:20
Scanning 256 hosts [2 ports/host]
Got ENETUNREACH from sendConnectScanProbe connect()
Got ENETUNREACH from sendConnectScanProbe connect()
doAnyOutstandingRetransmits took 32ms
Completed Ping Scan at 00:20, 2.62s elapsed (256 total hosts)
Overall sending rates: 387.02 packets / s.
mass_rdns: Using DNS server 8.8.8.8
Initiating Parallel DNS resolution of 256 hosts. at 00:20
mass_rdns: 8.01s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 3]
Completed Parallel DNS resolution of 256 hosts. at 00:21, 8.01s elapsed
DNS resolution of 1 IPs took 8.01s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 3, CN: 0]
Nmap scan report for X.0 [host down, received net-unreach]
Final times for host: srtt: 861 rttvar: 5000  to: 100000
Nmap scan report for test.testdomain (X.1)
Host is up, received syn-ack (0.0057s latency).
Final times for host: srtt: 5654 rttvar: 5654  to: 100000
Nmap scan report for X.2 [host down, received no-response]
Nmap scan report for X.3 [host down, received no-response]
Nmap scan report for X.4 [host down, received no-response]
Nmap scan report for X.5 [host down, received no-response]
Nmap scan report for X.6 [host down, received no-response]
Nmap scan report for X.7 [host down, received no-response]
Nmap scan report for X.8 [host down, received no-response]
Nmap scan report for X.9 [host down, received no-response]
Nmap scan report for X.10 [host down, received no-response]
Nmap scan report for X.11 [host down, received no-response]
Nmap scan report for X.12 [host down, received no-response]
Nmap scan report for X.13 [host down, received no-response]
Nmap scan report for controller.testdomain (X.14)
Host is up, received conn-refused (0.00041s latency).
Final times for host: srtt: 406 rttvar: 3846  to: 100000
Nmap scan report for X.15 [host down, received no-response]
Nmap scan report for X.16 [host down, received no-response]
Nmap scan report for X.17 [host down, received no-response]
Nmap scan report for X.18 [host down, received no-response]
...
Nmap scan report for X.250 [host down, received no-response]
Nmap scan report for X.251 [host down, received no-response]
Nmap scan report for X.252 [host down, received no-response]
Nmap scan report for X.253 [host down, received no-response]
Nmap scan report for X.254 [host down, received no-response]
Nmap scan report for X.255 [host down, received net-unreach]
Final times for host: srtt: 175 rttvar: 5000  to: 100000
Read from /usr/bin/../share/nmap: nmap-payloads.
Nmap done: 256 IP addresses (2 hosts up) scanned in 10.70 seconds

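Add -dd to increase the debugging level further.

Debugging will clarify why there is a difference between the snippets added to the question.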
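
Added example (not part of the original question or answer): a parser for the `nmap -sn` output shown above that pairs each host with its MAC rather than grepping for MAC lines, so the scanning machine, which has no MAC Address line, is still counted, and that also reads the `received <reason>` field printed with `-d`. The first sample is abridged from the question's output, the second is constructed in the `-d` format, and the function names `parse_scan` and `dropped` are hypothetical.

```python
import re

# "Nmap scan report for 10.0.0.1" or "... for name (10.0.0.1)", plus the
# "[host down, received <reason>]" suffix that -d prints for silent hosts.
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?"
                    r"(?: \[host down, received ([\w-]+)\])?")
UP = re.compile(r"^Host is up(?:, received ([\w-]+))?")
MAC = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_scan(text):
    """Return {ip: {"up": bool, "mac": str|None, "reason": str|None}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := REPORT.match(line):
            cur = hosts[m.group(1)] = {"up": m.group(2) is None,
                                       "mac": None, "reason": m.group(2)}
        elif cur is not None and (m := UP.match(line)):
            cur["reason"] = m.group(1)   # None unless -d was used
        elif cur is not None and (m := MAC.match(line)):
            cur["mac"] = m.group(1).upper()
    return hosts

def dropped(before, after):
    """Hosts up in `before` but not in `after`, with the later scan's reason."""
    gone = [ip for ip, h in before.items()
            if h["up"] and not after.get(ip, {}).get("up")]
    return [(ip, after.get(ip, {}).get("reason")) for ip in gone]

# Abridged from the "normal" run in the question.
NORMAL_SCAN = """\
Nmap scan report for 10.0.0.1
Host is up (0.0043s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.50
Host is up (0.023s latency).
MAC Address: B0:05:94:04:CA:75 (Liteon Technology)
Nmap scan report for 10.0.0.54
Host is up.
"""
# Constructed sample in the -d output format shown in the answer.
DEBUG_SCAN = """\
Nmap scan report for 10.0.0.1
Host is up, received arp-response (0.0044s latency).
MAC Address: B8:9B:C9:98:40:92 (SMC Networks)
Nmap scan report for 10.0.0.50 [host down, received no-response]
Nmap scan report for 10.0.0.54
Host is up, received localhost-response.
"""
if __name__ == "__main__":
    print(dropped(parse_scan(NORMAL_SCAN), parse_scan(DEBUG_SCAN)))
```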
