Nmap Development mailing list archives

Re: nmap ping scan (with fixed digit) produces unreliable results


From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Jun 2010 22:23:50 -0600

On Sat, Jun 26, 2010 at 08:11:57PM +0200, Peter Van Eeckhoutte wrote:
> I was trying to find a way to make nmap ping hosts on my networks,
> using a fixed digit
>
> Let's say I want to ping all hosts ending in .3
>
> I have tried
>
> nmap -sP -v 192.168.0-255.3
> nmap -sP -v 192.168.*.3
>
> Both actions seem to trigger echo requests, but nmap returns that most
> (or all) of these hosts are up (which is not the case)

Are you sure that they are echo requests? If these are LAN hosts then
Nmap will be using ARP scan. See
http://nmap.org/book/man-host-discovery.html. Try running with
--packet-trace to see what is being sent.

There may be some network device that is responding to the ARP requests,
making them appear "up" from Nmap's perspective. Try using the --send-ip
option to disable ARP scan and see if you get different results.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
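
An added example, not part of the original message or of Nmap itself: a small Python script that reads saved `--packet-trace` output and reports which probe protocols were sent and whether a single MAC address answered ARP for several targets, the situation David describes. The trace lines are constructed, and their layout is an assumption based on Nmap's usual packet-trace output; `summarize` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample (addresses and MACs are made up); the line layout is
# assumed to match what `nmap -sP --packet-trace` prints for ARP traffic.
SAMPLE_TRACE = """\
SENT (0.0410s) ARP who-has 192.168.0.3 tell 192.168.0.50
SENT (0.0412s) ARP who-has 192.168.1.3 tell 192.168.0.50
SENT (0.0414s) ARP who-has 192.168.2.3 tell 192.168.0.50
SENT (0.0416s) ARP who-has 192.168.3.3 tell 192.168.0.50
RCVD (0.0421s) ARP reply 192.168.0.3 is-at 02:00:00:AA:BB:01
RCVD (0.0425s) ARP reply 192.168.1.3 is-at 02:00:00:00:00:FE
RCVD (0.0427s) ARP reply 192.168.2.3 is-at 02:00:00:00:00:FE
RCVD (0.0430s) ARP reply 192.168.3.3 is-at 02:00:00:00:00:FE
"""

LINE = re.compile(r"^(SENT|RCVD) \([\d.]+s\) (\S+) (.*)$")
ARP_REPLY = re.compile(r"^reply (\S+) is-at ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})$")

def summarize(trace, threshold=2):
    """Return (probes sent per protocol, MACs that answered ARP for at least `threshold` IPs)."""
    sent = Counter()
    by_mac = defaultdict(set)
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a packet-trace line (banner, host report, ...)
        direction, proto, rest = m.groups()
        if direction == "SENT":
            sent[proto] += 1  # ARP here means the probes were not echo requests
        elif proto == "ARP":
            r = ARP_REPLY.match(rest)
            if not r:
                continue
            try:
                by_mac[r.group(2).upper()].add(ipaddress.ip_address(r.group(1)))
            except ValueError:
                continue  # malformed address in the trace
    # One MAC claiming many IPs suggests a device answering ARP on behalf of others.
    shared = {mac: [str(ip) for ip in sorted(ips)]
              for mac, ips in by_mac.items() if len(ips) >= threshold}
    return dict(sent), shared

if __name__ == "__main__":
    sent, shared = summarize(SAMPLE_TRACE)
    print("probes sent by protocol:", sent)
    for mac, ips in shared.items():
        print(f"{mac} answered ARP for {len(ips)} addresses: {', '.join(ips)}")
```
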

