Nmap Development mailing list archives
Bug report? Windows version 4.71
From: "Ronald Luten" <ronald.luten () gmail com>
Date: Tue, 7 Oct 2008 09:54:35 +0200
When I use -sP to ping a C-class subnet, every host appears to be up, when in reality only 10 should be up. I've seen on the mailing list that this has been reported before, for other versions. I've used -vvv -d --packet-trace to get debug info. Maybe someone on the list knows why it is doing this. The host in the example (and the C-class) are behind a firewall, which is just routing. So it there's a rule in there that permits ANY from my PC to the C-class. The firewall is new (since last week), and before then nmap didn't show this behavior, so most likely the firewall is somehow involved. Debug info: Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5 Starting Nmap 4.76 ( http://nmap.org ) at 2008-10-07 09:41 West-Europa (standaardtijd) PORTS: Using top 1000 ports found open (TCP:0, UDP:0) --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Initiating Ping Scan at 09:41 Scanning 192.168.112.188 [2 ports] Packet capture filter (device eth0): dst host 172.20.155.89 and (icmp or ((tcp or udp) and (src host 192.168.112.188))) SENT (0.2340s) TCP 172.20.155.89:50443 > 192.168.112.188:80 A ttl=48 id=9139 iplen=40 seq=4059576939 win=1024 ack=4084382708 RCVD (0.2340s) TCP 192.168.112.188:80 > 172.20.155.89:50443 R ttl=64 id=61996 iplen=40 seq=4084382708 win=0 We got a TCP ping packet back from 192.168.112.188 port 80 (trynum = 0) Completed Ping Scan at 09:41, 0.11s elapsed (1 total hosts) Overall sending rates: 9.17 packets / s, 366.97 bytes / s. mass_rdns: Using DNS server 172.20.1.98 mass_rdns: Using DNS server 172.20.1.99 NSOCK (0.2340s) msevent_new (IOD #1) (EID #8) NSOCK (0.2340s) UDP connection requested to 172.20.1.99:53 (IOD #1) EID 8 NSOCK (0.2340s) msevent_new (IOD #1) (EID #18) NSOCK (0.2340s) Read request from IOD #1 [172.20.1.99:53] (timeout: -1ms) EID 18 NSOCK (0.2340s) msevent_new (IOD #2) (EID #24) NSOCK (0.2340s) UDP connection requested to 172.20.1.98:53 (IOD #2) EID 24 NSOCK (0.2340s) msevent_new (IOD #2) (EID #34) NSOCK (0.2340s) Read request from IOD #2 [172.20.1.98:53] (timeout: -1ms) EID 34 Initiating Parallel DNS resolution of 1 host. at 09:41 NSOCK (0.2340s) msevent_new (IOD #1) (EID #43) NSOCK (0.2340s) Write request for 46 bytes to IOD #1 EID 43 [172.20.1.99:53]: .(...........188.112.168.192.in-addr.arpa..... NSOCK (0.2340s) nsock_loop() started (timeout=500ms). 5 events pending NSOCK (0.2340s) wait_for_events NSOCK (0.2340s) Callback: CONNECT SUCCESS for EID 24 [172.20.1.98:53] NSOCK (0.2340s) msevent_delete (IOD #2) (EID #24) NSOCK (0.2340s) Callback: CONNECT SUCCESS for EID 8 [172.20.1.99:53] NSOCK (0.2340s) msevent_delete (IOD #1) (EID #8) NSOCK (0.2340s) Callback: WRITE SUCCESS for EID 43 [172.20.1.99:53] NSOCK (0.2340s) msevent_delete (IOD #1) (EID #43) NSOCK (0.2340s) wait_for_events NSOCK (0.2340s) Callback: READ SUCCESS for EID 18 [172.20.1.99:53] (135 bytes) NSOCK (0.2340s) msevent_new (IOD #1) (EID #50) NSOCK (0.2340s) Read request from IOD #1 [172.20.1.99:53] (timeout: -1ms) EID 50 NSOCK (0.2340s) msevent_delete (IOD #1) (EID #50) NSOCK (0.2340s) msevent_delete (IOD #2) (EID #34) mass_rdns: 0.00s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] NSOCK (0.2340s) msevent_delete (IOD #1) (EID #18) Completed Parallel DNS resolution of 1 host. at 09:41, 0.00s elapsed DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0] Host 192.168.112.188 appears to be up, received reset. Read from C:\Program Files\Nmap: nmap-services. Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds Raw packets sent: 1 (40B) | Rcvd: 1 (40B) Ronald. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Bug report? Windows version 4.71 Ronald Luten (Oct 07)
- Re: Bug report? Windows version 4.71 David Fifield (Oct 07)