Nmap Development mailing list archives

Bug report? Windows version 4.71


From: "Ronald Luten" <ronald.luten () gmail com>
Date: Tue, 7 Oct 2008 09:54:35 +0200

When I use -sP to ping a C-class subnet, every host appears to be up, when
in reality only 10 should be up.
I've seen on the mailing list that this has been reported before, for other
versions.

I've used -vvv -d --packet-trace to get debug info. Maybe someone on the
list knows why it is doing this.

The host in the example (and the C-class) are behind a firewall, which is
just routing. So there's a rule in there that permits ANY from my PC to
the C-class. The firewall is new (since last week), and before then nmap
didn't show this behavior, so most likely the firewall is somehow involved.

Debug info:

Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll
version 4.0.0.1040), based on libpcap version 0.9.5

Starting Nmap 4.76 ( http://nmap.org ) at 2008-10-07 09:41 West-Europa
(standaardtijd)
PORTS: Using top 1000 ports found open (TCP:0, UDP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Initiating Ping Scan at 09:41
Scanning 192.168.112.188 [2 ports]
Packet capture filter (device eth0): dst host 172.20.155.89 and (icmp or
((tcp or udp) and (src host 192.168.112.188)))
SENT (0.2340s) TCP 172.20.155.89:50443 > 192.168.112.188:80 A ttl=48 id=9139
iplen=40  seq=4059576939 win=1024 ack=4084382708
RCVD (0.2340s) TCP 192.168.112.188:80 > 172.20.155.89:50443 R ttl=64
id=61996 iplen=40  seq=4084382708 win=0
We got a TCP ping packet back from 192.168.112.188 port 80 (trynum = 0)
Completed Ping Scan at 09:41, 0.11s elapsed (1 total hosts)
Overall sending rates: 9.17 packets / s, 366.97 bytes / s.
mass_rdns: Using DNS server 172.20.1.98
mass_rdns: Using DNS server 172.20.1.99
NSOCK (0.2340s) msevent_new (IOD #1) (EID #8)
NSOCK (0.2340s) UDP connection requested to 172.20.1.99:53 (IOD #1) EID 8
NSOCK (0.2340s) msevent_new (IOD #1) (EID #18)
NSOCK (0.2340s) Read request from IOD #1 [172.20.1.99:53] (timeout: -1ms)
EID 18
NSOCK (0.2340s) msevent_new (IOD #2) (EID #24)
NSOCK (0.2340s) UDP connection requested to 172.20.1.98:53 (IOD #2) EID 24
NSOCK (0.2340s) msevent_new (IOD #2) (EID #34)
NSOCK (0.2340s) Read request from IOD #2 [172.20.1.98:53] (timeout: -1ms)
EID 34
Initiating Parallel DNS resolution of 1 host. at 09:41
NSOCK (0.2340s) msevent_new (IOD #1) (EID #43)
NSOCK (0.2340s) Write request for 46 bytes to IOD #1 EID 43 [172.20.1.99:53]:
.(...........188.112.168.192.in-addr.arpa.....
NSOCK (0.2340s) nsock_loop() started (timeout=500ms). 5 events pending
NSOCK (0.2340s) wait_for_events
NSOCK (0.2340s) Callback: CONNECT SUCCESS for EID 24 [172.20.1.98:53]
NSOCK (0.2340s) msevent_delete (IOD #2) (EID #24)
NSOCK (0.2340s) Callback: CONNECT SUCCESS for EID 8 [172.20.1.99:53]
NSOCK (0.2340s) msevent_delete (IOD #1) (EID #8)
NSOCK (0.2340s) Callback: WRITE SUCCESS for EID 43 [172.20.1.99:53]
NSOCK (0.2340s) msevent_delete (IOD #1) (EID #43)
NSOCK (0.2340s) wait_for_events
NSOCK (0.2340s) Callback: READ SUCCESS for EID 18 [172.20.1.99:53] (135
bytes)
NSOCK (0.2340s) msevent_new (IOD #1) (EID #50)
NSOCK (0.2340s) Read request from IOD #1 [172.20.1.99:53] (timeout: -1ms)
EID 50
NSOCK (0.2340s) msevent_delete (IOD #1) (EID #50)
NSOCK (0.2340s) msevent_delete (IOD #2) (EID #34)
mass_rdns: 0.00s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
NSOCK (0.2340s) msevent_delete (IOD #1) (EID #18)
Completed Parallel DNS resolution of 1 host. at 09:41, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0,
SF: 0, TR: 1, CN: 0]
Host 192.168.112.188 appears to be up, received reset.
Read from C:\Program Files\Nmap: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
           Raw packets sent: 1 (40B) | Rcvd: 1 (40B)

Ronald.
