Home page logo

nmap-dev logo Nmap Development mailing list archives

Nmap port scanning problem
From: Алексей Буденчук <buav () altx-soft ru>
Date: Tue, 24 Dec 2013 12:59:23 +0400 (MSK)

Good afternoon!

I found a strange bug while scanning machines in my company's local network. I ran Nmap (latest version, 6.40) on 
Windows 8.1 trying to find opened ports on 8 other machines in my network (which run Centos, Red Hat, Debian and 
Ubuntu). All of the scanned machines had guaranteed 22 port (ssh) opened. The command sent to Nmap is:
nmap -T4 -A -v -oX -

As a result Nmap found opened ports only on 2 first machines ( and and detected all the others as 
in state="down" (full nmap response is attached to the letter). At the same time, when I tried to scan any of this 
machines separately, Nmap finds opened port 22 (ssh) on each of them. This behavior is quite confusing for me and I 
can't find any apparent reason for it. 

Analyzing the Nmap response, I found out that hosts were marked as down during the "ARP Ping Scan". Searching for the 
solution in the Internet, I found information about a special parameter: -disable-arp-scan. This parameter isn't 
mentioned in the official Nmap documentation on nmap.org, but when I included it in the command string, the scanning 
started immediately from "SYN Stealth Scan" skipping the step "ARP Ping Scan", and opened port 22 was found on all 
machines (!

The described bug reproduces ONLY under two conditions:
1. Nmap runs on Windows 8.1
2. The number of machines scanned at once is more than 5 (I currently tested on 8)

So, I have two questions:
1. Whether the described behavior can be considered as Nmap bug or may be I'm doing something wrong?
2. Why the parameter -disable-arp-scan isn't described on nmap.org, while it exists and, what's more, resolves my 
problem? Can I rely on it?

Thanks in advance,
Alex Budenchuk.

Attachment: nmap response.txt

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • Nmap port scanning problem Алексей Буденчук (Dec 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]