Nmap Development mailing list archives

RE: Sniffing nmap output


From: "Sean Warnock" <swarnock () warnocksolutions com>
Date: Sun, 5 Dec 2004 08:59:18 -0800

        I don't see why not.  You would need to be on the same network
segment to do this.  You might take a look at the Idle Scan option (-sI)
instead as it is fairly sneaky and would not require a host on the same
segment in promiscuous mode.  Take a look at the write-ups posted about
Idle Scanning:
http://www.insecure.org/nmap/idlescan.html


-----Original Message-----
From: W S N [mailto:woodenshoe () gmail com] 
Sent: Sunday, December 05, 2004 7:07 AM
To: nmap-dev () insecure org
Subject: Sniffing nmap output

I'm curious if anyone has ever tried to identify nmap query or
response packets promiscuously off a wire? Could one identify other
people running scans, or even identify the results of someone else's
scan? For instance, I might be able to passively learn the ports or
operating system of a system that someone else scanned. Any thoughts?

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org


