On Sun, 22 Feb 2004, Marty Landman wrote:

> At 09:42 AM 2/22/2004, Olaf Hoyer wrote:
> >The syntax to ping a whole /24 segment would be:
> Hi Olaf. Could you please explain what is meant by '/24 segment'? I'm new
> to networking as you can see!


Well, what is formerly called a "Class C" network is now in the new
CIDR-notation a "/24", meaning that there are 256 IP's in that network.

A class A is a /8, a class B a /16.

Yes, there are some subtle differencies about how a router addresses
this, but for size they are the same.
> # nmap -sP
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> sendto in send_ip_raw: sendto(4, packet, 28, 0,, 16) => Can't
> assign requested address
> Sleeping 60 seconds then retrying

Seems to be a bug with nmap V3.00
I use 3.50, and it works. Solution could be an upgrade or exclusion of
your own box from the scanning range.

> >after this you will also have some output from the arp -a command,
> >because the arp cache has to be filled somehow.
> swamisalami# arp -a
> ? ( at ff:ff:ff:ff:ff:ff on ep0 permanent [ethernet]
> delliver ( at 00:08:74:c0:5e:69 on ep0 [ethernet]
> woody ( at 00:a0:cc:40:3e:9b on ep0 [ethernet]
> swamisalami ( at 00:20:af:4d:24:b7 on ep0 permanent [ethernet]
> ? ( at (incomplete) on ep0 [ethernet]
> penguin ( at 00:a0:24:75:04:49 on ep0 [ethernet]
> eileen ( at 00:a0:cc:40:55:cf on ep0 [ethernet]
> ? ( at ff:ff:ff:ff:ff:ff on ep0 permanent [ethernet]
> swamisalami#
> Ok, not sure why the output was broken up into two portions but it has now
> captured all the nodes on my box. Furthermore a subsequent arp -a gives a
> more usable output e.g.


> Did you mean then that I should run the nmap followed by the arp -a to get
> a look at all nodes on my class c network? In this case it seems the only
> thing needed for me to put this into a shell script is a way to not have to
> manually interrupt the nmap which seemed to want to keep trying, after
> sleeping for progressively longer periods of time. Unless there is a glitch
> to be worked around somehow on (never in use on my network
> afaik) and that what happened here was not typical behavior.

Ok, some basics beforehand:

anytime some hosts wants to contact another host, it yells with some
broadcast on the local collision segment (arp-request) that the Station,
which has IP-address a.b.c.d. sprays the answer (the MAC-Address on
the other station) back throughout the segment.
This answer is cached by the OS for a short time, that for future use no
unnecessary lookups have to be made.

This means, that, if you hook up a station to a LAN, which did not
participiated in any of the LAN traffic, the arp cache on that station
is of course empty.

One way to fill it, is by simply pinging all other hosts on that



nmap -sP does exactly the same above, but with less typing effort ;-)

For each station that is up and running, you get a MAC address back, and
therefore the arp cache is populated.

> It would be a nice utility for me to have and perhaps run off cron - i.e.
> to test each connection on my network and report back so I know on a steady
> basis that everything's up and running (or at least reachable).

Yes, would be practicable. You should consider updating nmap, though...


Olaf Hoyer        [EMAIL PROTECTED]
Fuerchterliche Erlebniss geben zu raten,
ob der, welcher sie erlebt, nicht etwas Fuerchterliches ist.
(Nietzsche, Jenseits von Gut und Boese)
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to