Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Nmap ICMP/TCP Ping Insubordination

Re: Nmap ICMP/TCP Ping Insubordination

From: Fyodor <fyodor_at_insecure.org>
Date: Mon, 5 Jul 2004 00:46:21 -0700

On Mon, Jun 07, 2004 at 12:48:58PM +0300, Noam Rathaus wrote:
> >
> Also, I noted that it still creates an ICMP capture filter under root, which
> would in the case of -PT/-PS/etc be unnecessary, unless that host is
> non-routeable.
>
[ cut ]
> Packet capture filter: (icmp and dst host 207.46.245.92) or (tcp and dst host
> 192.117.122.128 and ( dst port 62241 or dst port 62242 or dst port 62243 or
> dst port 62244 or dst port 62245))
>
> As you can see it still tries to use ICMP for detection, if I read it
> correctly.

Nmap does this because the host may respond to a TCP packet with an
ICMP packet (such as port unreachable, several host unreachable types,
including prohibited by firewall, or network unreachable).

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Jul 05 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos