Home page logo

nmap-dev logo Nmap Development mailing list archives

RCVD ICMP echo reply but host not up
From: Sai Prajeeth <csprajeeth () gmail com>
Date: Wed, 10 Apr 2013 14:22:17 +0530

Hi list

I was scanning some ip addresses (-sP) and when the scan finished i wanted
to take a closer look at the host that were reported down. I did packet
trace on a host that was down and surprisingly it the trace showed that

RCVD(0.9.,s) > xxx... > xxxx... echo reply ...
RCV(1.5...s)> xxx... >xxx.. echo reply

but nmap showed that host was down.

I was surprised and thought maybe this is due to the high time value of the
packets. so i increased the RTT value (--max-rtt-timeout=2s) and
surprisingly the response packets came after 2.5s and host was reported as
DOWN. Then i increased it to 5s and now the responses came after 6s and
host was still reported DOWN.

I remember only once the host was shown UP because the packet reached quite
quickly. Now i am not able to reproduce this behavior. I am confused. Is
this a bug in nmap or some firewall or does my network suck?
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • RCVD ICMP echo reply but host not up Sai Prajeeth (Apr 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]