Nmap Development mailing list archives
RE: ping scan not accurate?
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Sat, 3 Aug 2013 08:07:43 +0100
Hi Michael, Nmap's "ping scan" usually sends a handful of different packets to detect hosts. But if you're scanning a local subnet Nmap will usually only check for ARP responses. I suspect you saw false positives as something responded (possibly with the same MAC address each time?) for every IP. http://nmap.org/book/man-host-discovery.html A more accurate approach would need to be taken, such as the ICMP echo scan you performed and/or port scans. You can use the flag --open so Nmap only returns results for hosts that have open ports (useful if a firewall is returning TCP resets for hosts that are really down) and the --reason flag will tell you what response Nmap saw. Rob
-----Original Message----- From: dev [mailto:dev-bounces () nmap org] On Behalf Of Michael Nichols Sent: 02 August 2013 23:12 To: dev () nmap org Subject: ping scan not accurate? I used nmap to troubleshoot an issue where in an office bldg. with a
shared
internet subnet for tenants. One of my clients was having ip conflicts on the WAN side of their
firewall.
The subnet was 192.168.0.0/24 I used zenmap and ran a ping scan of 192.168.0.1-254 It came back saying
all
254 hosts were up. So I complained to the network administrator responsible for that subnet that it appears they need to change the subnet to something that can support more devices. They came back saying that they did not believe that all the addresses
were
in use and the utility being used may be producing inaccurate results. I then did icmp pings using the traditional ping command to random IPs and found that IPs that the nmap ping scan was reporting as alive were not responding. I did another scan at a command line nmap -PE 192.168.0.1-254 Which returned back that 20 hosts were up. I was mainly wondering why a ping scan (-sn) would be reporting a false positive. Thanks. _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ping scan not accurate? Michael Nichols (Aug 02)
- RE: ping scan not accurate? Rob Nicholls (Aug 03)