Re: something is terribly wrong with nmap

[Daniel Miller <bonsaiviking () gmail com>]

On 08/20/2012 02:37 AM, Eugene M. Zheganin wrote:
> Hi.
>
> On 18.08.2012 19:14, Ron wrote:
> > Can you produce that with -d or, better yet, -d3 turned on?
> Sure.
>
> [emz@taiga:elf/fileshare]# nmap -d9 -Pn -sS -p 22 -oG - 192.168.3.20
> # Nmap 6.01 scan initiated Mon Aug 20 13:34:41 2012 as: nmap -d9 -Pn 
> -sS -p 22 -oG - 192.168.3.20
> # Ports scanned: TCP(1;22) UDP(0;) SCTP(0;) PROTOCOLS(0;)
> Host: 192.168.3.20 ()   Status: Down
> # Nmap done at Mon Aug 20 13:34:41 2012 -- 1 IP address (0 hosts up) 
> scanned in 0.64 seconds
> [emz@taiga:elf/fileshare]# telnet 192.168.3.20 22
> Trying 192.168.3.20...
> Connected to 192.168.3.20.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
> ^]
> telnet> Connection closed.
>
>
>
> Thanks.
> Eugene.
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
Eugene,

The -oG - is hiding the Normal output, which ought to show some 
diagnostic information.

What strikes me as odd is that the host is determined to be down, even 
though you specified -Pn. This likely means that you are on the same 
Ethernet segment as the target, but Nmap's ARP resolver cannot determine 
the link-layer address associated with it. Do you run into the same 
problem if you add --unprivileged to the scan?

Some more diagnostic information would be helpful: Normal output with -d 
(probably no need to go higher than -d2), output of nmap --version, and 
information about your system (uname -a).

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/