Open hb0nes opened 1 year ago
This is expected behavior
It may seem like a basic feature, but it's not
You can leave this open in case someone wants to implement this but it would require invasive changes
At the very least it would require two passes, one to make ARP requests for every IP (saving a mapping) and then one to send the port probes. With each port probe, there would need to be additional logic added to lookup and then update the L2 header. Currently the L2 header for TCP, UDP and ICMP is fixed
It seems masscan defaults to using a gateway, even if hosts are directly reachable. I can only scan a host directly by passing its mac to massscan:
Is it possible to do
if the host I'm running it from has an IP in the 10.44.30.0/24 subnet, without using a router?
Seems like basic functionality but apparently I'm missing something.
edit: I want to mention the default gateway in this subnet is not routing masscan's packets, so it's currently impossible to use it to scan a subnet quickly if it has a strict routing policy, if there's no direct connectivity options.