Nmap Development mailing list archives
Nmap ICMP/TCP Ping Insubordination
From: Noam Rathaus <noamr () beyondsecurity com>
Date: Mon, 7 Jun 2004 11:40:59 +0300
Hi, I noticed a very inconsitent (with the man file) behavior of Nmap, I run two command line: 1) ./nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com (under the root user) 2) /nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com (under the non-root user) Both should do the same, TCP Ping the host www.microsoft.com, however this doesn't happen: 1) Results in Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-07 11:39 IDT Packet capture filter (device eth0): (icmp and dst host 192.168.1.5) or ((tcp or udp) and dst host 192.168.1.5 and ( dst port 42558 or dst port 42559 or dst port 42560 or dst port 42561 or dst port 42562)) Finished block: srtt: -1 rttvar: -1 timeout: 6000000 block_tries: 2 up_this_block: 0 down_this_block: 0 group_sz: 1 massping done: num_hosts: 1 num_responses: 0 Host 207.46.245.92 appears to be down. Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.235 seconds 2) Results in Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-07 11:40 IDT Machine 207.46.249.252 MIGHT actually be listening on probe port 80 Hostupdate called for machine 207.46.249.252 state UNKNOWN/COMBO -> HOST_UP (trynum 0, dotimeadj: yes time: 287027) Finished block: srtt: 287047 rttvar: 287047 timeout: 1435235 block_tries: 1 up_this_block: 1 down_this_block: 0 group_sz: 1 massping done: num_hosts: 1 num_responses: 1 Host 207.46.249.252 appears to be up. Nmap run completed -- 1 IP address (1 host up) scanned in 1.452 seconds ---------- Now I know that normal user can't send ICMP packets, so this is the difference I am seeing. However, WHY does it even try to use ICMP when I strictly told it to use TCP Ping (-PT)? -- Thanks Noam Rathaus CTO Beyond Security Ltd. Join the SecuriTeam community on Orkut: http://www.orkut.com/Community.aspx?cmm=44441 --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Martin Mačok (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Martin Mačok (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Martin Mačok (Jun 07)