Nmap Development mailing list archives
Question(s) about arp ping in context of tcp and ping scans
From: "Sina Bahram" <sbahram () nc rr com>
Date: Fri, 30 Dec 2005 17:28:43 -0500
Hi all,

My IP was 192.168.1.103 throughout all of this.

I issued the following command:

nmap -sP 192.168.1.* -v

It said:

Initiating ARP Ping Scan against 103 hosts [1 port/host] at 17:18
The ARP Ping Scan took 4.92s to scan 103 total hosts.

Then it listed them out ... which I won't copy here, but this is odd ... It only scanned up to my IP, and then it listed them, and then it did:

Initiating ARP Ping Scan against 152 hosts [1 port/host] at 17:18
The ARP Ping Scan took 5.80s to scan 152 total hosts.

So it did the upper portion past my IP ... Why is the ARP ping scan split upon one's IP?

So then I did:

nmap -sT -p80 192.168.1.* -vv

I did -p80 just to speed things up, no other reason. So I got:

Initiating ARP Ping Scan against 103 hosts [1 port/host] at 17:22
The ARP Ping Scan took 2.63s to scan 103 total hosts.
Initiating Connect() Scan against 2 hosts [1 port/host] at 17:22

Followed by the connect scan results on those two hosts, and then I got:

Initiating ARP Ping Scan against 152 hosts [1 port/host] at 17:22
The ARP Ping Scan took 15.39s to scan 152 total hosts.
Initiating Connect() Scan against quark.nc.rr.com (192.168.1.103) [1 port] at 17:22

So, again: we see that it splits it according to the ARP scan ... Why is this?

Also, why does the ARP ping on the TCP scan take so much longer for the upper portion? I did this a few times in a row, and I always got that ARP ping on the upper portion taking about 3 to 5 times longer with a TCP scan than with a plain old ping scan, but both supposedly use the same ARP ping.

Thanks for any advice.

Take care,
Sina

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
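The post above reasons from nmap's verbose phase lines by eye. The following Python is an added example, not part of the post and not nmap's own code: it parses the "Initiating ... against N hosts" / "The ... took Xs" lines quoted in the message, recovers the ARP host-group sizes and per-host timing from each run, and checks one hypothesis the poster's numbers suggest (that the two groups are exactly the addresses below and above the scanner's own IP). The sample text is the output quoted in the post; `expected_split`, `arp_groups` and `arp_slowdown` are helper names chosen here, and the split-around-own-IP check is an assumption being tested, not an explanation the page gives.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the verbose phase lines quoted in the post,
# first from `nmap -sP 192.168.1.* -v`, then from `nmap -sT -p80 192.168.1.* -vv`.
PING_SCAN_OUTPUT = """\
Initiating ARP Ping Scan against 103 hosts [1 port/host] at 17:18
The ARP Ping Scan took 4.92s to scan 103 total hosts.
Initiating ARP Ping Scan against 152 hosts [1 port/host] at 17:18
The ARP Ping Scan took 5.80s to scan 152 total hosts.
"""

CONNECT_SCAN_OUTPUT = """\
Initiating ARP Ping Scan against 103 hosts [1 port/host] at 17:22
The ARP Ping Scan took 2.63s to scan 103 total hosts.
Initiating Connect() Scan against 2 hosts [1 port/host] at 17:22
Initiating ARP Ping Scan against 152 hosts [1 port/host] at 17:22
The ARP Ping Scan took 15.39s to scan 152 total hosts.
Initiating Connect() Scan against quark.nc.rr.com (192.168.1.103) [1 port] at 17:22
"""

INITIATING_RE = re.compile(
    r"^Initiating (?P<phase>.+?) against (?P<target>.+?) \[[^\]]*\] at (?P<time>\d\d:\d\d)$"
)
TOOK_RE = re.compile(
    r"^The (?P<phase>.+?) took (?P<secs>\d+(?:\.\d+)?)s to scan (?P<hosts>\d+) total hosts\.$"
)
HOSTCOUNT_RE = re.compile(r"^(?P<n>\d+) hosts?$")


@dataclass
class Phase:
    name: str                        # e.g. "ARP Ping Scan", "Connect() Scan"
    started: str                     # HH:MM from the "Initiating" line
    hosts: int                       # size of the host group this phase ran against
    seconds: Optional[float] = None  # filled in from the matching "took" line, if any

    def seconds_per_host(self) -> Optional[float]:
        return None if self.seconds is None else self.seconds / self.hosts


def _hosts_in_target(target: str) -> int:
    """'103 hosts' -> 103; a single named target like 'quark.nc.rr.com (192.168.1.103)' -> 1."""
    m = HOSTCOUNT_RE.match(target)
    return int(m.group("n")) if m else 1


def parse_phases(output: str) -> list:
    """Pair each 'Initiating X ... against ...' line with the next 'The X took ...' line."""
    phases = []
    for line in output.splitlines():
        m = INITIATING_RE.match(line.strip())
        if m:
            phases.append(Phase(m["phase"], m["time"], _hosts_in_target(m["target"])))
            continue
        m = TOOK_RE.match(line.strip())
        if m:
            # Attach the timing to the most recent phase of the same name that has none yet.
            for ph in reversed(phases):
                if ph.name == m["phase"] and ph.seconds is None:
                    ph.seconds = float(m["secs"])
                    break
    return phases


def arp_groups(phases) -> list:
    """Host-group sizes of the ARP Ping Scan phases, in scan order."""
    return [p.hosts for p in phases if p.name == "ARP Ping Scan"]


def expected_split(target_net: str, own_ip: str) -> list:
    """Hypothesis check (assumption, not nmap's documented behaviour): if the scanner's
    own address is left out of the ARP ping, the addresses below it and above it form
    two groups. Returns [count_below, count_above]."""
    net = ipaddress.ip_network(target_net)
    me = ipaddress.ip_address(own_ip)
    return [sum(1 for a in net if a < me), sum(1 for a in net if a > me)]


def arp_slowdown(baseline: str, other: str) -> list:
    """Per-group ratio of ARP seconds-per-host between two runs (other / baseline)."""
    base = [p for p in parse_phases(baseline) if p.name == "ARP Ping Scan"]
    oth = [p for p in parse_phases(other) if p.name == "ARP Ping Scan"]
    return [round(o.seconds_per_host() / b.seconds_per_host(), 2) for b, o in zip(base, oth)]


if __name__ == "__main__":
    for label, out in (("-sP", PING_SCAN_OUTPUT), ("-sT -p80", CONNECT_SCAN_OUTPUT)):
        print(label)
        for p in parse_phases(out):
            print(f"  {p.name:16} {p.hosts:4d} hosts  {p.seconds}s")
    print("ARP groups:", arp_groups(parse_phases(PING_SCAN_OUTPUT)))
    print("split around own IP:", expected_split("192.168.1.0/24", "192.168.1.103"))
    print("ARP slowdown (-sT vs -sP):", arp_slowdown(PING_SCAN_OUTPUT, CONNECT_SCAN_OUTPUT))
```

Running it shows that 192.168.1.0/24 minus 192.168.1.103 splits into 103 addresses below and 152 above, matching both ARP group sizes in the post, and that the second ARP group in the `-sT` run took about 2.65 times as long per host as in the `-sP` run while the first group was actually faster (about 0.53 times). Quantifying per-host time rather than wall time is the first thing to check before comparing scan types, since it separates group size from real slowdown.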