Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap ICMP/TCP Ping Insubordination

From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Jul 2004 00:46:21 -0700
On Mon, Jun 07, 2004 at 12:48:58PM +0300, Noam Rathaus wrote:



Also, I noted that it still creates an ICMP capture filter under root, which 
would in the case of -PT/-PS/etc be unnecessary, unless that host is 
non-routeable.


[ cut ]

Packet capture filter: (icmp and dst host 207.46.245.92) or (tcp and dst host 
192.117.122.128 and ( dst port 62241 or dst port 62242 or dst port 62243 or 
dst port 62244 or dst port 62245))

As you can see it still tries to use ICMP for detection, if I read it 
correctly.


Nmap does this because the host may respond to a TCP packet with an
ICMP packet (such as port unreachable, several host unreachable types,
including prohibited by firewall, or network unreachable).

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
Previous By Date Next
Previous By Thread Next

Current thread: