Host discovery scanning via OSI layer 2 (data link layer)
The second layer of the OSI model is the data link layer, where the main protocol at work is ARP. When two hosts communicate, the source host first broadcasts an ARP request to obtain the destination host's MAC address. If the source host receives a response from the destination host, the target host is active; otherwise the target host is turned off. Therefore, OSI layer 2 can be used to implement host discovery scanning.
Data Link Layer | Convert data to standard format, manage data encryption and compression | ARP
1.1.1 ARP Ping Scan
Principle: Host discovery works much like the ping command: a packet is sent to the target host, and a reply indicates that the target host is alive.
An ARP ping scan is, in essence, the process of performing ARP (Address Resolution Protocol) resolution against the target host. Because ARP is a layer 2 protocol, ARP ping is the most efficient way to scan within a local area network (faster than other ping scans).
ARP ping syntax format:
>nmap -PR [target IP/target hostname]
Example 1: scan the host 192.168.1.1 with ARP ping to determine whether the host is alive (preferably add -sP).
>nmap -PR 192.168.1.1
C:\WINDOWS\SYSTEM32>nmap -sP -PR 192.168.1.1
Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-06 18:12 China Standard Time
Nmap scan report for 192.168.1.1
Host is up (0.0030s latency).
MAC Address: 14:75:90:92:B2:40 (Tp-link Technologies Co.)
Nmap done: 1 IP address (1 host up) scanned in 24.19 seconds
Note: To view the details of the host scanning process, you can use the --packet-trace option.
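The ARP exchange behind the result above, as an added example that is not part of the original article: it builds the broadcast ARP request an ARP ping sends and parses the reply that marks the host as up. The function names and the scanner's MAC/IP are assumptions made for illustration; the target IP and MAC are the ones in the Nmap output.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETH_ARP = 0x0806          # EtherType for ARP
OP_REQUEST, OP_REPLY = 1, 2

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_arp_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """Ethernet broadcast frame carrying an ARP who-has for target_ip."""
    eth = BROADCAST + mac_bytes(src_mac) + struct.pack("!H", ETH_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, OP_REQUEST)
    arp += mac_bytes(src_mac) + socket.inet_aton(src_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)   # target MAC unknown
    return eth + arp

def parse_arp_reply(frame: bytes, target_ip: str):
    """Return the sender MAC if frame is an ARP reply from target_ip, else None."""
    if len(frame) < 42:                       # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, OP_REPLY):
        return None
    sender_mac, sender_ip = frame[22:28], frame[28:32]
    if socket.inet_ntoa(sender_ip) != target_ip:
        return None                           # reply is about another host
    return ":".join(f"{b:02x}" for b in sender_mac)

# Constructed sample data: the scanner's MAC/IP are made up; the target values
# are the ones shown in the article's Nmap output.
SCANNER_MAC, SCANNER_IP = "02:00:00:00:00:01", "192.168.1.100"
TARGET_IP, TARGET_MAC = "192.168.1.1", "14:75:90:92:b2:40"

request = build_arp_request(SCANNER_MAC, SCANNER_IP, TARGET_IP)
# The unicast reply the target would send back (built by hand here).
reply = (mac_bytes(SCANNER_MAC) + mac_bytes(TARGET_MAC) + struct.pack("!H", ETH_ARP)
         + struct.pack("!HHBBH", 1, 0x0800, 6, 4, OP_REPLY)
         + mac_bytes(TARGET_MAC) + socket.inet_aton(TARGET_IP)
         + mac_bytes(SCANNER_MAC) + socket.inet_aton(SCANNER_IP))

if __name__ == "__main__":
    print("request bytes:", request.hex())
    print("host up, MAC:", parse_arp_reply(reply, TARGET_IP))
```

Because the request is a layer 2 broadcast and the reply never crosses a router, this check only works for targets on the same local segment as the scanner.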
This article is from the "Technology bo" blog; reprinting is declined!
Nmap Series C: OSI layer 2 scanning