Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Can't see nmap traffic
From: "Kris Katterjohn" <katterjohn () gmail com>
Date: Fri, 9 Nov 2007 06:47:07 -0600

On Nov 9, 2007 5:36 AM, Walker JWalker <j_walker2 () hotmail com> wrote:

When I scan my local network I can't see the traffic nmap generates.  I've tried both Windows XP SP2 and Backtrack 2 
in VMWare, and both tcpdump and Wireshark both listening on the correct interface with no luck.  The only time I'm 
able to see the packets is if I scan anything other than

K:\nmap-4.20>nmap -sP

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-08 22:44 Eastern Standard
Host appears to be up.
MAC Address: 00:00:C5:B5:94:8F (Farallon Computing/netopia)
Host appears to be up.
Host appears to be up.
MAC Address: 00:0C:29:7C:C9:CB (VMware)
Nmap finished: 64 IP addresses (3 hosts up) scanned in 2.328 seconds

Mean while an ICMP filter on both Wireshark and tcpdump show no output.  Anyone know what could be wrong?  I really 
need to get this fixed.

Did you always filter for ICMP?  When you're scanning a local LAN,
Nmap uses ARP packets for the ping scan as this is much more

Kris Katterjohn

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]