<span class="q"><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">What's the point of messing with 1.1 if you already have it under the<br>
identity of 2.1? If the goal is to perform as little action as
<br>possible (e.g. to be covert, to quickly gather data, and/or to reduce<br>data analysis and post-grouping), then this is a wasted action.</blockquote></span><div><br>The
results may differ for various reasons. Perhaps the routes go through
different firewalls with different ACL's, so you might be able to
access the HTTP server on the 1.1 interface and not the 2.1 interface.
You want the full picture of what is available on what interfaces and
from what sources. Scanning a single interface does not always give you
the full picture for a host, so intentionally neglecting to scan
additional intrfaces, once you have learned they belong to an already
scanned asset would be a mistake. Additionally, many network daemons
may be configured to only listen on a particular interface. Perhaps the
SSH and HTTPS daemons are only accessible on a management interface.
Assets should be identified, list the interfaces they have, list what
is accessible from all interfaces, and then list anything else that is
only accessible from specific interfaces. <br></div><br><br>-p