Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Nmap ICMP/TCP Ping Insubordination
From: Noam Rathaus <noamr () beyondsecurity com>
Date: Mon, 7 Jun 2004 12:48:58 +0300

On Monday 07 June 2004 12:28, Martin Mačok wrote:
On Mon, Jun 07, 2004 at 11:40:59AM +0300, Noam Rathaus wrote:
I noticed a very inconsitent (with the man file) behavior of Nmap,
I run two command line:
1) ./nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com
(under the root user)
2) /nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com
(under the non-root user)

Both should do the same, TCP Ping the host www.microsoft.com,

Option -PT does not do the same for root and non root users. From the
man page, option -PT: "... spew out TCP ACK packets ... For non root
users, we use connect()".

Sniff both (1) and (2) with tcpdump/ethereal and see the

Martin Mačok
IT Security Consultant

Also, I noted that it still creates an ICMP capture filter under root, which 
would in the case of -PT/-PS/etc be unnecessary, unless that host is 

I tried in addition to do:
nmap -sP -PS80 -d www.microsoft.com

TCP probe port is 80

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
The first host is 203, and the last one is 203
The first host is 55, and the last one is 55
The first host is 30, and the last one is 30
The first host is 222, and the last one is 222
Packet capture filter: (icmp and dst host or (tcp and dst host and ( dst port 62241 or dst port 62242 or dst port 62243 or 
dst port 62244 or dst port 62245))

As you can see it still tries to use ICMP for detection, if I read it 

Noam Rathaus
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:

For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]