Nmap Development: Nmap 4.x --max-retries option not being honored for "Ping Scan's"

From: <codeproj_at_nym.hush.com>
Date: Wed, 20 Dec 2006 09:57:18 -0800

All,

I just found an apparent bug in all versions of nmap from 4.00 to
4.20 release.

The --max-retries option is not being honored for "Ping Scans"
(i.e., command-line option "-sP").

I am aware that the "--max-retries" option was fixed for "regular"
scans in version 4.20, however, this option is still *not* being
honored for "Ping Scans".

E.g.

$ ./nmap-4.11 --send-ip --packet-trace --max-retries 0 -n -sP -PE -PS80 192.168.0.200

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-12-20 09:25 PST
SENT (0.0140s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=59 id=30036 iplen=28
SENT (0.0150s) TCP 192.168.0.100:41410 > 192.168.0.200:80 S ttl=38 id=6633 iplen=44 seq=2982239518 win=3072
SENT (1.0340s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=41 id=54427 iplen=28
SENT (1.0340s) TCP 192.168.0.100:41411 > 192.168.0.200:80 S ttl=47 id=48919 iplen=44 seq=662789470 win=4096
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 2.055 seconds

As you can see, although the --max-retries option is set to 0 (i.e.
no retries), the Ping Scan packets are sent out "twice" instead of
only once. This behavior occurs regardless of the Ping Scan
options that are selected.

I have tested this issue on all release versions of nmap from
version 4.00 to 4.20, and it is present in all of them.

Haven't had time to check the code to see where the problem lies
yet, but thought I should at least report the problem.

Thanks!

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 20 2006
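
A small checker for the behaviour reported above, added here as an example (it is not part of the original post or of Nmap): it counts how often each ping probe appears in --packet-trace output and flags any probe sent more than --max-retries + 1 times. The function names are hypothetical, the trace lines are the ones from the post with the e-mail line wrapping undone, and it assumes one probe per destination/protocol/port, which holds for "-sP -PE -PS80".

```python
import re
from collections import Counter

# Trace lines from the report above, rejoined where the e-mail wrapped them.
TRACE = """\
SENT (0.0140s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=59 id=30036 iplen=28
SENT (0.0150s) TCP 192.168.0.100:41410 > 192.168.0.200:80 S ttl=38 id=6633 iplen=44 seq=2982239518 win=3072
SENT (1.0340s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=41 id=54427 iplen=28
SENT (1.0340s) TCP 192.168.0.100:41411 > 192.168.0.200:80 S ttl=47 id=48919 iplen=44 seq=662789470 win=4096
"""

# The source port is matched but not captured: it changes on every
# retransmission (41410 -> 41411 above), as do ttl, id and seq.
SENT_RE = re.compile(
    r"^SENT \([\d.]+s\) (?P<proto>\w+) "
    r"[\d.]+(?::\d+)? > (?P<dst>[\d.]+)(?::(?P<dport>\d+))?(?P<rest>.*)$"
)

def probe_key(m):
    """Identify a probe by the fields that stay constant across resends."""
    if m["proto"] == "ICMP":
        t = re.search(r"type=(\d+)/code=(\d+)", m["rest"])
        detail = f"type={t[1]}/code={t[2]}" if t else "?"
    else:
        fields = m["rest"].split()
        detail = f"port={m['dport']} flags={fields[0] if fields else '?'}"
    return (m["dst"], m["proto"], detail)

def count_sends(trace):
    """Number of SENT lines per distinct probe."""
    counts = Counter()
    for line in trace.splitlines():
        m = SENT_RE.match(line.strip())
        if m:  # RCVD lines and banner text are ignored
            counts[probe_key(m)] += 1
    return counts

def retry_violations(trace, max_retries):
    """Probes transmitted more often than max_retries permits."""
    allowed = max_retries + 1  # the first transmission is not a retry
    return {k: n for k, n in count_sends(trace).items() if n > allowed}

if __name__ == "__main__":
    for key, n in sorted(retry_violations(TRACE, 0).items()):
        print(key, "sent", n, "times, expected at most 1")
```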
