Mailing List Archive

question re: use_mac_addr
Not sure I'm understanding what this option does. I scanned a host with
the command line interface (nessus -q localhost 1241 ...etc) to an NBE
file, then set use_mac_addr = yes, and re-scanned the same host, but the
output files are identical. I expected to see the MAC address somewhere
in the NBE file.

Any help is appreciated...
-rw
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: question re: use_mac_addr
On Oct 27, 2008, at 10:13 AM, Rich Whitcroft wrote:

> Not sure I'm understanding what this option does.

It causes Nessus to list each host in a report by its MAC address
rather than an IP or hostname.

> I scanned a host with
> the command line interface (nessus -q localhost 1241 ...etc) to a NBE
> file, then set use_mac_addr = yes, and re-scanned the same host, but
> the output files are identical.
> I expected to see the mac address somewhere
> in the nbe file.

Did Nessus detect the host as up?

Did you make the change in the server or client configuration file?
[The client configuration file takes precedence.]

Does the setting appear in the SERVER_PREFS block? Is there only 1
instance?

George
--
theall@tenablesecurity.com



Re: question re: use_mac_addr
George A. Theall wrote:
> On Oct 27, 2008, at 10:13 AM, Rich Whitcroft wrote:
>
>
>> Not sure I'm understanding what this option does.
>>
>
> It causes Nessus to list each host in a report by its MAC address
> rather than an IP or hostname.
>
>
>> I scanned a host with
>> the command line interface (nessus -q localhost 1241 ...etc) to a NBE
>> file, then set use_mac_addr = yes, and re-scanned the same host, but
>> the output files are identical.
>> I expected to see the mac address somewhere
>> in the nbe file.
>>
>
> Did Nessus detect the host as up?
>
> Did you make the change in the server or client configuration file?
> [The client configuration file takes precedence.]
>
> Does the setting appear in the SERVER_PREFS block? Is there only 1
> instance?
>
> George
>


The host was up and I got several vulnerabilities in the NBE file. The
use_mac_addr setting is located in the SERVER_PREFS block of both the
.nessusrc and the main config file.

$ grep use_mac_addr ~/.nessusrc
use_mac_addr = yes
$ sudo grep use_mac_addr /opt/nessus/etc/nessus/nessusd.conf
use_mac_addr = yes
$ echo a.b.c.d >/tmp/scan
$ nessus -q localhost 1241 <uname> <pw> /tmp/scan /tmp/scan.out -T nbe

The scan finishes and I get results in /tmp/scan.out, but no MAC address
is present; each 'results' line looks like:

$ cut -d\| -f1-3 /tmp/scan.out | head
timestamps||
timestamps||a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d
results|a.b.c|a.b.c.d

(actual IP removed)
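
A way to run the same check over a whole NBE file rather than its first ten lines, as an added example that is not part of the original thread: it classifies the third field of every `results` line as a MAC address, an IPv4 address or something else. The function name, the six-hex-group MAC pattern (the thread does not show what a MAC-keyed line looks like) and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: count distinct hosts in an NBE file
# by the kind of identifier used in field 3 of each "results" line.

# nbe_host_id_kinds FILE -> prints "mac=N ipv4=N other=N"
nbe_host_id_kinds() {
    awk -F'|' '
        # Assumption: a MAC is six two-digit hex groups separated by : . or -
        function kind(id,    part, n, i) {
            n = split(id, part, /[:.-]/)
            if (n == 6) {
                for (i = 1; i <= 6; i++)
                    if (part[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) break
                if (i > 6) return "mac"
            }
            if (id ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return "ipv4"
            return "other"
        }
        # Only "results" lines carry findings; count each host once.
        $1 == "results" && $3 != "" && !seen[$3]++ { count[kind($3)]++ }
        END {
            printf "mac=%d ipv4=%d other=%d\n",
                   count["mac"], count["ipv4"], count["other"]
        }
    ' "$1"
}

# Constructed sample lines (documentation addresses, made-up MAC).
sample=$(mktemp)
cat > "$sample" <<'EOF'
timestamps||
results|192.0.2|192.0.2.10|ssh (22/tcp)
results|192.0.2|192.0.2.10|http (80/tcp)
results|192.0.2|00:16:3e:aa:bb:cc|ssh (22/tcp)
results|example|host.example.com|general/tcp
EOF
nbe_host_id_kinds "$sample"
rm -f "$sample"
```

A result of `mac=0` on a scan run with use_mac_addr = yes means no host in the report was keyed by MAC address, which is the situation described in the message above.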
Re: question re: use_mac_addr
On Oct 27, 2008, at 3:53 PM, Rich Whitcroft wrote:

> The host was up and I got several vulnerabilities in the nbe file. The
> use_mac_addr is located in the SERVER_PREFS block of both the .nessusrc
> and the main config file.

Would you mind sending me privately a copy of the client config file?

Which version of Nessus are you using (both client and server)? And on
which platform?

George
--
theall@tenablesecurity.com


