Security Basics mailing list archives
RE: Nmap
From: "Rochford, Paul" <paul.rochford () hp com>
Date: Thu, 11 Aug 2005 17:41:56 +0100
From the Nmap man page: see the comments on root vs. non-root users. The
scanning techniques are different.

-sP Ping scanning: Sometimes you only want to know which hosts on a network
are up. Nmap can do this by sending ICMP echo request packets to every IP
address on the networks you specify. Hosts that respond are up.
Unfortunately, some sites such as microsoft.com block echo request packets.
Thus nmap can also send a TCP ack packet to (by default) port 80. If we get
an RST back, that machine is up. A third technique involves sending a SYN
packet and waiting for a RST or a SYN/ACK. For non-root users, a connect()
method is used. By default (for root users), nmap uses both the ICMP and
ACK techniques in parallel. You can change this with the -P options
described later. Note that pinging is done by default anyway, and only
hosts that respond are scanned. Only use this option if you wish to ping
sweep without doing any actual port scans.

Kind Regards,
Paul Rochford

-----Original Message-----
From: Mathew Jose [mailto:jose.jmathew () gmail com]
Sent: Wednesday, August 10, 2005 12:39 AM
To: security-basics () securityfocus com
Subject: Nmap

Hi,

I am using Nmap version 3.00 to do a ping sweep of a network on Enterprise
Redhat Linux 2.4.21-27. The command line I use is "nmap -sP 192.168.1.1/24".
When I am running the ping sweep as a normal user I am able to discover some
devices in the network. But when I run the ping sweep as root user it is
detecting more devices and in some cases reporting a non-existing host as
running.

Anyone hit this issue before?

-Pran
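Added example, not part of the thread above and not nmap's own code: the
connect()-style host discovery that the man page says an unprivileged user
gets, written as a small Python script so the two "host is up" outcomes can
be seen side by side. A completed handshake (SYN/ACK) and a refused
connection (RST, surfaced by the kernel as ECONNREFUSED) both mean the host
is up; only a timeout or a route/ICMP unreachable error counts as down. The
function names (expand_cidr, tcp_connect_probe, ping_sweep,
loopback_listener) are hypothetical, the loopback listener is a constructed
fixture for the demo, and the root-only raw-socket ICMP echo and TCP ACK
probes that make the root run differ are deliberately not shown, since they
need raw sockets and a live network.

```python
"""Unprivileged (non-root) ping sweep in the style of nmap -sP's connect()
fallback. Added example for this thread, not nmap's own code; function
names are hypothetical. Needs no raw sockets, so it runs as a normal user."""
import errno
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def expand_cidr(target):
    """Expand '192.168.1.1/24' (a host address plus mask, as typed in the
    thread) into the usable host addresses. strict=False accepts a host
    address rather than requiring the network address."""
    net = ipaddress.ip_network(target, strict=False)
    return [str(h) for h in net.hosts()]


def tcp_connect_probe(host, port=80, timeout=1.0):
    """One probe with a full TCP connect() to `port`.

    Returns (is_up, reason):
      (True,  "syn/ack")            port open; handshake completed
      (True,  "rst")                port closed, but the host answered with RST
      (False, "timeout")            nothing came back (host down, or filtered)
      (False, "unreachable (...)")  route/ICMP error before any reply
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "syn/ack"
    except ConnectionRefusedError:
        # The kernel turned the peer's RST into ECONNREFUSED: somebody is home.
        return True, "rst"
    except socket.timeout:
        return False, "timeout"
    except OSError as exc:
        name = errno.errorcode.get(exc.errno, str(exc.errno))
        return False, f"unreachable ({name})"


def ping_sweep(targets, port=80, timeout=1.0, workers=32):
    """Probe every target in parallel; returns {host: (is_up, reason)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        rows = pool.map(lambda t: (t,) + tcp_connect_probe(t, port, timeout), targets)
    return {host: (up, why) for host, up, why in rows}


def loopback_listener():
    """Constructed fixture: a listening socket on 127.0.0.1, ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Demo on loopback: same port, open then closed, both reported as "up".
    srv, port = loopback_listener()
    print("open port   ->", tcp_connect_probe("127.0.0.1", port))
    print("sweep       ->", ping_sweep(["127.0.0.1"], port=port))
    srv.close()
    print("closed port ->", tcp_connect_probe("127.0.0.1", port))
    print("hosts in 192.168.1.1/24:", len(expand_cidr("192.168.1.1/24")))
```

The point to take from the closed-port case is that a connect() probe only
needs the target to answer at all; which answer comes back does not matter
for discovery. A firewall that silently drops instead of sending RST turns
that "rst" into a "timeout", which is why a connect()-based sweep can miss
hosts that a privileged ICMP probe would find.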