Nmap Development: Re: Excessive traffic in -PS/PA/PU ping scans

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Development mailing list archives

Re: Excessive traffic in -PS/PA/PU ping scans

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 20 Mar 2007 18:26:55 +0000

On Tue, 20 Mar 2007 03:16:44 -0700
cybernmd <cybernmd () gmail com> wrote:

I have noticed the following when performing SYN, ACK, and UDP pings:

...snip...


Command:
 sudo nmap -PS443 192.168.1.1


You are scanning 192.168.1.1 which leads me to believe the scanning machine
is directly connected to the same layer 2 network segment.  Nmap will use
ARP to determine if the host is up and shouldn't need to do any additional
discovery.  Are you able to reproduce your results on targets separated by
L2 boundaries?

Brandon


-- 
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh () ucsd edu

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

By Date By Thread

Current thread:

Excessive traffic in -PS/PA/PU ping scans cybernmd (Mar 20)
- Re: Excessive traffic in -PS/PA/PU ping scans Brandon Enright (Mar 20)
- Re: Excessive traffic in -PS/PA/PU ping scans Eddie Bell (Mar 20)
- Re: Excessive traffic in -PS/PA/PU ping scans Professor Messer (Mar 20)
- <Possible follow-ups>
- Re: Excessive traffic in -PS/PA/PU ping scans cybernmd (Mar 20)
  - Re: Excessive traffic in -PS/PA/PU ping scans Hans Nilsson (Mar 21)