Nmap Development mailing list archives

Re: NMAP Issue with Ping


From: David Fifield <david () bamsoftware com>
Date: Fri, 13 Nov 2009 11:59:22 -0700

On Fri, Nov 13, 2009 at 10:46:32AM -0800, Corey Chandler wrote:
> David Fifield wrote:
>> Nmap used to send two probes for host discovery, but now it sends four
>> because that was found to be more effective. See
>> http://nmap.org/book/man-host-discovery.html.
>>
>> But when the target is on the same Ethernet network, Nmap uses an ARP
>> ping instead.
>
> nmap determines this automatically, correct?  In other words, if I'm
> scanning 192.168.1.0/24, and the box itself lives at an IP contained
> within that subnet, it'll automatically switch itself over to ARP
> pinging?

Right. See the function route_dst in tcpip.cc, the parts where it sets
rnfo->direct_connect. This code in nexthost in targets.cc does the ARP
ping if 1) it's an Ethernet interface, 2) all the targets in the group
are directly connected, and 3) --send-ip was not used.

/* First I'll do the ARP ping if all of the machines in the group are
   directly connected over ethernet.  I may need the MAC addresses
   later anyway. */
 if (hs->hostbatch[0]->ifType() == devt_ethernet &&
     hs->hostbatch[0]->directlyConnected() &&
     o.sendpref != PACKET_SEND_IP_STRONG) {
   arpping(hs->hostbatch, hs->current_batch_sz);
   arpping_done = true;
 }

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
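
The three conditions listed in the reply above (Ethernet interface, every target in the group directly connected, --send-ip not given), modelled as a standalone C++ example. This is added here and is not Nmap's code: all type and function names are hypothetical, and "directly connected" is assumed to mean "inside the interface's own subnet", a simplification of what route_dst decides.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-ins for Nmap's internal types (not the real ones).
enum class IfType { Ethernet, Loopback, PointToPoint };
enum class SendPref { Default, SendIp };  // SendIp models --send-ip
enum class Discovery { ArpPing, IpPing };
struct Iface { std::string name; IfType type; uint32_t addr; int prefix; };

// Parse a dotted-quad IPv4 string (no validation; constructed input only).
uint32_t ip4(const std::string &s) {
  uint32_t out = 0, octet = 0;
  for (char c : s) {
    if (c == '.') { out = (out << 8) | octet; octet = 0; }
    else octet = octet * 10 + (c - '0');
  }
  return (out << 8) | octet;
}

static uint32_t mask(int p) { return p == 0 ? 0 : 0xFFFFFFFFu << (32 - p); }

// Assumption: a target is directly connected when it lies in the
// interface's own subnet (no routing table or gateway is consulted).
static bool on_link(const Iface &i, uint32_t target) {
  return ((i.addr ^ target) & mask(i.prefix)) == 0;
}

// ARP ping only if --send-ip is absent and one Ethernet interface is
// on-link for every target in the batch; otherwise use IP-level probes.
Discovery choose_discovery(const std::vector<Iface> &ifaces,
                           const std::vector<uint32_t> &batch, SendPref pref) {
  if (batch.empty() || pref == SendPref::SendIp) return Discovery::IpPing;
  for (const Iface &i : ifaces) {
    if (i.type != IfType::Ethernet) continue;
    bool all = true;
    for (uint32_t t : batch) all = all && on_link(i, t);
    if (all) return Discovery::ArpPing;
  }
  return Discovery::IpPing;
}

int main() {
  // Constructed sample: scanner at 192.168.1.10/24, two targets on-link.
  std::vector<Iface> ifs = {{"eth0", IfType::Ethernet, ip4("192.168.1.10"), 24}};
  std::vector<uint32_t> batch = {ip4("192.168.1.1"), ip4("192.168.1.254")};
  bool arp = choose_discovery(ifs, batch, SendPref::Default) == Discovery::ArpPing;
  std::cout << (arp ? "ARP ping" : "IP ping") << "\n";
}
```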

