Nmap Development: nmap -sP doesn't really send ICMP packets?

From: Burton Windle <burtonwindle_at_gmail.com>
Date: Tue, 6 Feb 2007 10:55:34 -0500

Hello. nmap 4.20, compiled locally on a Debian Testing system running
Linux kernel 2.6.20.

When doing an nmap -sP (to scan for machines that respond to ICMP Echo
packets) nmap was reporting that a certain host was down. In fact, the
machine responds to ICMP pings (Type 8, and sends back Type 0), but
TCP/80 is filtered (no RST, nothing).

In doing packet sniffs, it appears that "nmap -sP host" will not
actually do an ICMP ping scan, but instead send *only* a packet to
TCP/80 to the host; if that fails, it reports it down.

Is this a bug or a feature? The man page says "The -sP option sends an
ICMP echo request *and* a TCP packet to port 80 by default." However, I
am only seeing TCP/80 and no ICMP.

This is trivial to reproduce; I have tcpdump packet traces to verify.

--
Burton
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 06 2007
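
One way to check a capture like the one described in the message above for which discovery probes actually left the scanner. This is an added example, not part of the original post or of Nmap; the tcpdump lines are constructed, and the addresses (RFC 5737 documentation range) and function names are assumptions.

```python
import re
from collections import Counter

# Constructed `tcpdump -n` text (not from the original post).
# Assumed addresses: 192.0.2.10 = scanner, 192.0.2.20 = target.
TCP_ONLY = """\
10:55:34.100001 IP 192.0.2.10.40112 > 192.0.2.20.80: Flags [S], seq 1000, win 5840, length 0
10:55:36.100950 IP 192.0.2.10.40113 > 192.0.2.20.80: Flags [S], seq 2000, win 5840, length 0
"""
ICMP_AND_TCP = """\
10:55:34.100001 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 1, length 8
10:55:34.100020 IP 192.0.2.10.40112 > 192.0.2.20.80: Flags [.], ack 1, win 1024, length 0
10:55:34.100900 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 1, length 8
"""

ICMP_RE = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP echo (request|reply)\b")
TCP_RE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[")


def classify_probes(capture, scanner, target):
    """Count discovery probes and answers between scanner and target."""
    seen = Counter()
    for line in capture.splitlines():
        m = ICMP_RE.match(line)
        if m:
            src, dst, kind = m.groups()
            if (src, dst, kind) == (scanner, target, "request"):
                seen["icmp_echo_request_sent"] += 1
            elif (src, dst, kind) == (target, scanner, "reply"):
                seen["icmp_echo_reply_received"] += 1
            continue
        m = TCP_RE.match(line)
        if m:
            src, sport, dst, dport = m.groups()
            if (src, dst, dport) == (scanner, target, "80"):
                seen["tcp80_probe_sent"] += 1
            elif (src, sport, dst) == (target, "80", scanner):
                seen["tcp80_answer_received"] += 1
    return seen


def probe_mix(seen):
    """Summarise which probe types the scanner actually put on the wire."""
    icmp = seen["icmp_echo_request_sent"] > 0
    tcp = seen["tcp80_probe_sent"] > 0
    if icmp and tcp:
        return "icmp+tcp80"
    return "icmp-only" if icmp else "tcp80-only" if tcp else "no-probes"
```

A result of `tcp80-only` with no answers received corresponds to the situation reported above: the target is judged down on the TCP/80 probe alone.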