On Aug 5, 2004, at 12:53 PM, micro dev wrote:
> Hi,
> I use TCP SYN scan to scan remote hosts and also use OS fingerprinting.
> I use command something like that -
>
> nmap -sS -O -p <port list> <ip address>
> I also depend upon nmap response to find if host is UP or DOWN.
>
> So I am just qurious to know how NMAP will decide if host is UP if
> command listed above is used.
> Does it use ICMP at all in this case ?
>
> If NMAP uses SYN packets to find if host is UP, then it uses any
> default port or uses list of ports specified in the command.
By default it will use port 80, you can force it to use another port
with -PS#
If you run it as root, you can use an ICMP Echo-Request, other wise, as
the man pages state under a descript of -P0 for not pinging before
scanning, "By default, Nmap sends ... a TCP ACK packet to port 80."
I have ICMP open on the networks I deal with, so I run as root and use
-PE to use ICMP Echo-Request to tell if a host is up. If I am
searching a large set of hosts for a specific port, say 22 for example,
I will use -PS22 -p22, and it will only scan once, instead of first
sending the port 80 request to see if it is up, then send the port 22
to test the port. This speeds up scanning by quite a bit in many
cases.
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Aug 05 2004
Intro
