Nmap Development mailing list archives
Re: Nmap ICMP/TCP Ping Insubordination
From: Noam Rathaus <noamr () beyondsecurity com>
Date: Mon, 7 Jun 2004 12:48:58 +0300
On Monday 07 June 2004 12:28, Martin Mačok wrote:
On Mon, Jun 07, 2004 at 11:40:59AM +0300, Noam Rathaus wrote:I noticed a very inconsitent (with the man file) behavior of Nmap, I run two command line: 1) ./nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com (under the root user) 2) /nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com (under the non-root user) Both should do the same, TCP Ping the host www.microsoft.com,Option -PT does not do the same for root and non root users. From the man page, option -PT: "... spew out TCP ACK packets ... For non root users, we use connect()". Sniff both (1) and (2) with tcpdump/ethereal and see the conversations. Martin Mačok IT Security Consultant
Also, I noted that it still creates an ICMP capture filter under root, which would in the case of -PT/-PS/etc be unnecessary, unless that host is non-routeable. I tried in addition to do: nmap -sP -PS80 -d www.microsoft.com TCP probe port is 80 Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) The first host is 203, and the last one is 203 The first host is 55, and the last one is 55 The first host is 30, and the last one is 30 The first host is 222, and the last one is 222 Packet capture filter: (icmp and dst host 207.46.245.92) or (tcp and dst host 192.117.122.128 and ( dst port 62241 or dst port 62242 or dst port 62243 or dst port 62244 or dst port 62245)) As you can see it still tries to use ICMP for detection, if I read it correctly. -- Thanks Noam Rathaus CTO Beyond Security Ltd. Join the SecuriTeam community on Orkut: http://www.orkut.com/Community.aspx?cmm=44441 --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Martin Mačok (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Martin Mačok (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Noam Rathaus (Jun 07)
- Re: Nmap ICMP/TCP Ping Insubordination Martin Mačok (Jun 07)