Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Nmap says Host down when actually host is up.
From: Fyodor <fyodor () insecure org>
Date: Thu, 25 Oct 2007 14:23:08 -0700

On Thu, Oct 25, 2007 at 09:08:05AM -0500, Swapnali wrote:
Following is verbose output.

Nmap says Host seems to be a subnet broadcast address
(returned 1 extra pings)

D:\>nmap -sP -vv --packet-trace

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-23 08:40 Central
SENT ( 0.2340s) ICMP > Echo request
(type=8/code=0) ttl=56 id=10663 iplen=28
RCVD (0.2660s) ICMP > Echo reply (type=0/code=0)
ttl=249 id=10663 iplen=28

Are you sure this host is really up?  If so, it is strange that it is
replying to the ping packet from a different IP than the one the ping
was sent to.  I normally only see that with subnet-directed broadcast
addresses, so Nmap does not treat the machine as being up unless it
receives the response from the same address it sent to.  It is also
interesting that this target host apparently didn't reply to the port
80 request.  Again, are you sure it is actually up?  What OS is it

Does anyone know if the RFC even allows a machine receiving an ICMP
echo request to respond from a different IP address?  I doubt that is
allowed, but I'm not certain.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]