Comments (5)
Looks like the issue is fixed.
To reproduce I put a Linux bridge between the scanning system and target, and added a 1 second delay with `tc qdisc add dev ens36 root netem delay 1000ms`. Network is 10.0.0.0/24 containing one host 10.0.0.1.
Old behavior:
--- Removing host 10.0.0.250 - Timeout
--- Received packet #1 from 10.0.0.1
10.0.0.1 00:0c:29:80:62:81 VMware, Inc. (DUP: 1) RTT=999.444 ms
--- Removing host 10.0.0.1 - Received 60 bytes
*** remove_host called on non-live host: SHOULDN'T HAPPEN
--- Removing host 10.0.0.251 - Timeout
New behavior:
--- Removing host 10.0.0.251 - Timeout
--- Received packet #1 from 10.0.0.1
10.0.0.1 00:0c:29:80:62:81 VMware, Inc. RTT=1002.372 ms
--- Removing host 10.0.0.1 - Received 60 bytes
--- Removing host 10.0.0.252 - Timeout
from arp-scan.
I think this is a long-standing bug that only occurs in certain situations and is difficult to reproduce.
A host is marked as "not live" when it's either responded or when it has timed out, and the code assumes that any responses to a non-live host must be duplicates. But that is not strictly true because a host's first response can occur shortly after the host has been marked as non-live due to timeout. Note that marking a host as non-live only means that no more packets will be sent to that host, but received packets will still be displayed.
Edit: this code in the pcap callback function is also problematic because it assumes that any responding host that isn't marked as "live" when the response is received must be a duplicate and thus shouldn't increment responders.
if (temp_cursor->live)
    responders++;
When a response is received after the host has been marked as non-live due to timeout, it should be displayed in the normal way - no need to add "Received after timeout" because that's an internal implementation matter that the user shouldn't care about. We shouldn't be displaying the "SHOULDN'T HAPPEN" error message in this case either because it's normal (if unusual) behaviour.
from arp-scan.
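The late-reply case described in the comment above, as an added example that is not arp-scan's code and not taken from the fixing commit: a small model contrasting "non-live means duplicate" with one way of deciding duplicates from a per-host receive count. The struct, field and function names (`host_t`, `num_recv`, `on_response_old`, `on_response_new`, `run`) are hypothetical.

```c
#include <stdio.h>

/* Hypothetical host entry; names are assumptions, not arp-scan's own struct. */
typedef struct {
    int live;      /* 1 while probes are still being sent to this host */
    int num_recv;  /* number of responses seen from this host so far */
} host_t;

typedef struct { unsigned responders; unsigned dups; } stats_t;

/* Stop sending probes; happens on timeout or on the first response. */
static void stop_probing(host_t *h) { h->live = 0; }

/* Logic as described in the thread: a reply to a non-live host is a duplicate. */
static void on_response_old(host_t *h, stats_t *s) {
    if (h->live) { s->responders++; stop_probing(h); }
    else s->dups++;   /* a late first reply is miscounted here */
}

/* One alternative: duplicate status comes from the receive count, so a
 * first reply that arrives after the timeout still counts as a responder. */
static void on_response_new(host_t *h, stats_t *s) {
    h->num_recv++;
    if (h->num_recv == 1) s->responders++;
    else s->dups++;
    if (h->live) stop_probing(h);
}

/* Constructed scenario: the timeout fires first (e.g. ~1 s added delay),
 * then `replies` responses arrive from the same host. */
static stats_t run(void (*handler)(host_t *, stats_t *), int replies) {
    host_t h = { 1, 0 };
    stats_t s = { 0, 0 };
    stop_probing(&h);                 /* host timed out before any reply */
    for (int i = 0; i < replies; i++)
        handler(&h, &s);
    return s;
}

int main(void) {
    stats_t o = run(on_response_old, 1);
    stats_t n = run(on_response_new, 2);
    printf("old, 1 late reply:   responders=%u dups=%u\n", o.responders, o.dups);
    printf("new, 2 late replies: responders=%u dups=%u\n", n.responders, n.dups);
    return 0;
}
```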
Hopefully fixed by commit 167b4c5
Not fully tested yet though.
from arp-scan.
Just "anecdotally", this fixes it on my network. I've run it with and without patch and voila, works! Thanks!
from arp-scan.
Thanks for the confirmation. I'm closing this issue now as it appears to be resolved.
from arp-scan.