What would be the best way to interrogate a 'local' subnet where no gateway/router is involved #802

Open
edoutlook opened this issue Oct 25, 2024 · 0 comments


@edoutlook

Thanks to the adventurers before me who made it easy to get Windows masscan to work in issue 749. I installed Npcap as well.

As long as I 'have' a router/gateway it works for sending out a UDP message and the banner option to see the response(s).
But if I don't have a gateway router involved, there is an immediate message that I need to use the --router-mac option.
Well, the addition of that option gets past the message/error, but I get no responses. When I wiresharked the stream, setting the router-mac makes that MAC ID into the DST field of the packet, so no remote device ever hears the request.

I thought I'd be clever and remove the router routines from the C files. I found a section in main-initadapter (lines 150) which has some text about this being the 'least understood' part of the code. I chuckled, and my cleverness didn't lead anywhere (I thought I could fool the init part into 'vpn'-like non-MAC modes and it would work...)

If I make a second IP on the same NIC, set a gateway to it and hard-set the ID entry of the local NIC (Windows command to change the ARP table), using the unaltered masscan code it doesn't get past the error. My thought is that the ARP response from the OS never emits from the local interface. I guess you aren't supposed to ask for your own ID (ARP)?

So I'm puzzled as to whether there is a better way to do this. Am I overlooking some switches that cover this case? I have a local private network where I want to send a UDP query out to each host and wait for the response. And I won't have a gateway/router involved.
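
An added illustration, not part of the original post and not masscan code: the next-hop choice a host IP stack makes for on-link and off-link destinations, set beside the single fixed destination MAC the post observed in Wireshark. The subnet, MAC addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed sample data: an isolated /24 with no gateway configured.
IFACE = ipaddress.ip_interface("192.168.50.10/24")
ARP_TABLE = {  # IP -> MAC as learned by ARP (constructed values)
    "192.168.50.21": "02:00:00:00:00:21",
    "192.168.50.22": "02:00:00:00:00:22",
}
PLACEHOLDER_MAC = "02:00:00:00:00:fe"  # stand-in for a value given as --router-mac
TARGETS = ["192.168.50.21", "192.168.50.22"]


def next_hop_mac(dst_ip, iface, arp_table, gateway_ip=None):
    """Pick the Ethernet destination the way a host IP stack does."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        # On-link: the frame goes straight to the target's own MAC.
        mac = arp_table.get(str(dst))
        return (mac, "on-link") if mac else (None, "on-link, ARP needed")
    if gateway_ip is None:
        return None, "off-link, no gateway"
    # Off-link: the frame goes to the gateway's MAC, whatever the final IP.
    mac = arp_table.get(gateway_ip)
    return (mac, "via gateway") if mac else (None, "gateway ARP needed")


def fixed_mac_frames(targets, mac):
    """Behaviour reported in the post: one MAC in every frame's DST field."""
    return {ip: mac for ip in targets}


def unheard(frames, arp_table):
    """Targets that never see their frame: a NIC in normal mode drops
    unicast frames whose destination is not its own MAC."""
    return [ip for ip, dst in frames.items() if dst != arp_table.get(ip)]


if __name__ == "__main__":
    fixed = fixed_mac_frames(TARGETS, PLACEHOLDER_MAC)
    per_host = {ip: next_hop_mac(ip, IFACE, ARP_TABLE)[0] for ip in TARGETS}
    print("fixed MAC, unheard:", unheard(fixed, ARP_TABLE))
    print("per-host ARP, unheard:", unheard(per_host, ARP_TABLE))
```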
