Nmap Development mailing list archives
Re: Nmap ICMP/TCP Ping Insubordination
From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Jul 2004 00:46:21 -0700
On Mon, Jun 07, 2004 at 12:48:58PM +0300, Noam Rathaus wrote:
Also, I noted that it still creates an ICMP capture filter under root, which would in the case of -PT/-PS/etc be unnecessary, unless that host is non-routeable.
[ cut ]
Packet capture filter: (icmp and dst host 207.46.245.92) or (tcp and dst host 192.117.122.128 and ( dst port 62241 or dst port 62242 or dst port 62243 or dst port 62244 or dst port 62245)) As you can see it still tries to use ICMP for detection, if I read it correctly.
Nmap does this because the host may respond to a TCP packet with an ICMP packet (such as port unreachable, several host unreachable types, including prohibited by firewall, or network unreachable). Cheers, Fyodor --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Re: Nmap ICMP/TCP Ping Insubordination Fyodor (Jul 05)
- <Possible follow-ups>
- Re: Nmap ICMP/TCP Ping Insubordination Fyodor (Jul 05)