On Sun, 22 Jul 2012 16:44:13 +0800 lina <lina.lastn...@gmail.com> wrote:
> > Checked, now only 22 80 open with 443 closed. > another thing is that the nmap can scan my MAC address correctly. > is it bad? (I guess I will feel comfortable if the MAC address is > hidden) > All network communication is actually based on MAC addresses, if it can't be seen, you can't talk. Try arp -a as root to see what other computers yours has recently talked to. A cache is kept to speed things up, but only for a few minutes, otherwise your computer has to broadcast to look up a link between IP address and MAC. If you have a rainy afternoon to while away, install Wireshark and have a play with it. Try various network connections while a capture is running, and play with the filtering. One day you will need to use it in anger. Here is a fragment of a capture showing my workstation trying to find the server using the ARP protocol. It hasn't connected for a time, so the server isn't in its cache: No. Time Source Destination Protocol Length Info 5 5.007111000 Giga-Byt_xx:xx:xx Hewlett-_xx:xx:xx ARP 42 Who has 192.168.99.3? Tell 192.168.99.101 6 5.007315000 Hewlett-_xx:xx:xx Giga-Byt_xx:xx:xx ARP 60 192.168.99.3 is at xx:xx:xx:xx:xx:xx Sorry about the wrap, but email isn't designed for this sort of thing. Note that the first half of the MAC is a vendor ID, and Wireshark decodes it. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120722101816.4e778...@jretrading.com
