Casey Williams wrote:
>In my case, when I try "nmap -sS -P0..." and I sniff the traffic that gets generated from that scan, I've noticed more than one probe gets sent to the same port on some of the hosts under certain circumstances. I shouldn't see these "extra" probes in the packet capture if NMap didn't actually send them should I?
>
If your packet sniffer sees them on the wire, they were sent for sure.
That's the reason you are using a packet sniffer, and not relying on
application logs. :-) I can confirm that nmap sends out retries under
certain conditions. This is documented in the man page. I looked it up
yesterday when I saw it happening. An easy way to reproduce this is to
set the --host_timeout really low. Nmap will send retries until the
first probe is responded to. You can tune the number of retries using
--max_retries. See http://www.insecure.org/nmap/man/man-performance.html||
Sincerely,
Richard van den Berg
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Jan 12 2006
Intro
