Nmap Development mailing list archives

Re: Nmap ICMP/TCP Ping Insubordination


From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 7 Jun 2004 12:29:04 +0200

On Mon, Jun 07, 2004 at 12:44:27PM +0300, Noam Rathaus wrote:

> 1) ./nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com
> (under the root user)
> (under the non-root user)
>
> Any chance I can force connect() port ping instead of ACK (which is
> not quite the same as connect())?

Try -PS instead of -PT: if connect() is successful, -PS will be too.
(or simply run it as non root)

On Mon, Jun 07, 2004 at 12:48:58PM +0300, Noam Rathaus wrote:

> Also, I noted that it still creates an ICMP capture filter under
> root, which would in the case of -PT/-PS/etc be unnecessary, unless
> that host is non-routeable.

It is useful exactly for this reason - if you get ICMP unreachable
back, don't waste your time waiting for the timeout. (Actually, I have
seen hosts that return ICMP destination/network unreachables while
accepting TCP connections seconds later... which is the reason I don't
use -P options in most Internet/non-sweep scenarios at all.)

Martin Mačok
IT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
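An added example, not code from the thread or from nmap itself: the unprivileged connect()-based host probe that the reply equates with -PS, including the ICMP-unreachable shortcut (stop early instead of waiting for the timeout) and the point that a RST counts as "host up" just like a SYN/ACK. Host, port and timeout values are assumptions for illustration.

```python
import errno
import socket

# Verdicts for one connect()-style probe, mirroring nmap -PS semantics:
# a completed handshake (SYN/ACK) or a RST (ECONNREFUSED) both prove the
# host is alive; an ICMP host/network unreachable (EHOSTUNREACH/ENETUNREACH)
# arrives immediately, so we can give up without burning the full timeout.
UP = "up"
DOWN_ICMP = "down (ICMP unreachable)"
NO_RESPONSE = "no response (timeout)"


def classify_errno(err):
    """Map the errno left by connect() to a host-discovery verdict."""
    if err == 0:                      # three-way handshake completed (SYN/ACK)
        return UP
    if err == errno.ECONNREFUSED:     # RST came back: port closed, host alive
        return UP
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return DOWN_ICMP              # a router or the host sent ICMP unreachable
    if err in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK):
        return NO_RESPONSE            # nothing came back at all
    return f"error (errno {err})"     # anything else: report, don't guess


def connect_ping(host, port, timeout=2.0):
    """Unprivileged equivalent of `nmap -PS<port> -sP <host>`: one TCP connect()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return UP
        except socket.timeout:        # must precede OSError (it is a subclass)
            return NO_RESPONSE
        except OSError as e:
            return classify_errno(e.errno)


if __name__ == "__main__":
    # Assumed example target; replace with a host you are authorised to probe.
    print(connect_ping("127.0.0.1", 80, timeout=1.0))
```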
