<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Nmap Development: Re: Excessive traffic in -PS/PA/PU ping scans

Re: Excessive traffic in -PS/PA/PU ping scans

From: Brandon Enright <bmenrigh_at_ucsd.edu>
Date: Tue, 20 Mar 2007 18:26:55 +0000

On Tue, 20 Mar 2007 03:16:44 -0700
cybernmd <cybernmd_at_gmail.com> wrote:

> I have noticed the following when performing SYN, ACK, and UDP pings:
>
...snip...
>
> Command:
> sudo nmap -PS443 192.168.1.1
>

You are scanning 192.168.1.1 which leads me to believe the scanning machine
is directly connected to the same layer 2 network segment. Nmap will use
ARP to determine if the host is up and shouldn't need to do any additional
discovery. Are you able to reproduce your results on targets separated by
L2 boundaries?

Brandon

-- 
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh_at_ucsd.edu
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Mar 20 2007

This message: [ Message body ]
Next message: Eddie Bell: "Re: Excessive traffic in -PS/PA/PU ping scans"
Previous message: cybernmd: "Excessive traffic in -PS/PA/PU ping scans"
In reply to: cybernmd: "Excessive traffic in -PS/PA/PU ping scans"
Next in thread: Eddie Bell: "Re: Excessive traffic in -PS/PA/PU ping scans"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]