Re: what did I miss this time?

["R M" <rmtechnet () gmail com>]

I finally got a chance to test this with FreeBSD (nmap 4.01)

and guess what, it doesn't work for this one host. Regular ping works.

so I am forced to assume this host is able to differentiate between a
normal ping and an nmap echo request ping. Is this possible ??

thanks.

On 8/25/06, R M <rmtechnet () gmail com> wrote:
> Unfortunately I don't have immediate access to a linux or a BSD system
> now. But I am working on that so that i can test from that too.
>
> And upon getting your reply, I tried the -PE/-sP options on some other
> hosts. It works for all other hosts which I tried, except this one
> host !
>
> On 8/25/06, Kris Katterjohn <kjak () ispwest com> wrote:
> > R M wrote:
> > > hi !
> > >
> > > here's something which has been bugging me for sometime now.
> > >
> > > There is an IP address (public) which I can ping successfully. But
> > > when I do an 'nmap -PE' for the same IP, it says 'host seems down'. As
> > > expected, a packet capture shows that the -PE option is just sending
> > > an echo request (same as what PING is doing).
> > >
> > > I am trying this from different XP SP2 machines. Same result. I tried
> > > nmap 4.11 as well as 4.01. I also tried the -sP option, with the same
> > > outcome.
> > >
> > > Is there anyway the destination host can know that the icmp echo
> > > request is coming from nmap and not from a regular PING and thus
> > > blocks the nmap ping??
> > > Sorry for these basic questions.
> > >
> > > Appreciate any feedback/suggestions you can provide.
> > >
> > > thanks, folks.
> > >
> > > --Rosh
> >
> > Have you tried doing this on other platforms like Linux or *BSD? Have
> > you tried pinging and using the -PE/-sP option on other hosts?
> >
> >
> > Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org