Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: network and nmap doubt
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 11 Oct 2011 15:43:15 -0500

On 10/11/2011 01:39 PM, Joao Daniel wrote:

I was figuring out if I can discoverer how many computers are behind a NAT. As far as I know a NAT works like state firewall by blocking some types of TCP packages.

I assumed that NAT will (of course?) block SYN packages. So, I tried to ran:

nmap -PA IP
nmap -sA IP

Both gave me just 1 Host Up. This is not true.  My questions are:

1) Why it did not work ?
NAT works by maintaining a map of locally-originated connections to external ports. If a packet of any type comes in to the NAT device without a pre-existing connection on that port, the device cannot know where to send it.
2) Is it possible to do it ? (I want to find out how, dont tell, just say yes or no)
No, unless the NAT device is forwarding one or more ports to internal hosts.
    2a) Will it need scripts?
If one or more ports are mapped to internal hosts, the qscan script may be able to differentiate which machines those ports belong to.

3) Where I can look out for Nmap's scripts ?

http://nmap.org/nsedoc/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Best of luck,

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]