Nmap Development mailing list archives

Re: -P0 still attempts ARP scan


From: Fyodor <fyodor () insecure org>
Date: Tue, 13 Sep 2005 18:23:51 -0700

On Tue, Sep 13, 2005 at 11:44:43AM -0400, William MacKay wrote:
> I have looked through the source, but I can't figure out why Nmap is
> doing an ARP ping scan when I give it -P0.

Packets cannot be sent to other hosts on a local network until Nmap
can determine their MAC.  So instead of dealing with them later, one
at a time, Nmap does the ARP scan in parallel at the beginning for
ethernet connected hosts.  In some cases the OS may do it again anyway
if Nmap tries to send raw IP packets.  If you really want to avoid the
initial ARP scan, you can specify --send_ip and then Nmap won't send
any raw ethernet packets.

> Is this a bug?

It is a feature, and you can turn it off if you really want to with
--send_ip.  This all should be documented better though, and I'm
working on that.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

