Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Apparent Bug in Nmap
From: Fyodor <fyodor () insecure org>
Date: Thu, 4 Jun 2009 14:44:43 -0700

On Thu, Jun 04, 2009 at 11:38:03AM -0500, sbammel wrote:
Test #2: (shows up when it is not)

Nmap Command:
c:\Temp\nmap>nmap -sP
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-04 11:19 Central Daylight Time
Host is up (0.00s latency).
Nmap done: 2 IP addresses (1 host up) scanned in 1.74 seconds

Ethereal Output:
No.     Time        Source                Destination           Protocol Info
     10 11.277806               TCP      62969 > http [ACK] Seq=0 Ack=0 Win=3072 Len=0
     11 11.278167               ICMP     Destination unreachable (Host unreachable)

Hi Stanley.  Whether to consider a host "up" can be a touch policy
decision.  We tend to err on the side of considering hosts up rather
than being too strict about it.  In this case above, Nmap receives a
packet purportedly FROM claiming that it is not reachable.
Well, it was reachable enough that we got a response from that IP, so
we consider it reachable enough to continue scanning.

Now if the unreachable comes from a different IP address than the
target, we treat it differently.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]