Nmap Development mailing list archives
Re: bug - scan fails first time, runs 2nd
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Sep 2012 17:11:11 -0700
On Wed, Aug 22, 2012 at 06:05:36AM -0700, ^..^ wrote:
Following up to my own…. (Behavior on Mtn. Lion, nmap v 6.01.) It looks like nmap is doing an ARP ping scan the first time it looks at something it hasn't seen before; the -vv flags show this: # nmap -vv -p 80 128.128.128.128 Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-22 05:59 PDT Initiating ARP Ping Scan at 05:59 Scanning 128.128.128.128 [1 port] Completed ARP Ping Scan at 05:59, 0.41s elapsed (1 total hosts) Nmap scan report for 128.128.128.128 [host down] Read data files from: /usr/local/bin/../share/nmap Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.44 seconds Raw packets sent: 2 (56B) | Rcvd: 0 (0B) sh-3.2# nmap -vv -p 80 128.128.128.128 Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-22 05:59 PDT Initiating Ping Scan at 05:59 Scanning 128.128.128.128 [4 ports] Completed Ping Scan at 05:59, 3.02s elapsed (1 total hosts) Nmap scan report for 128.128.128.128 [host down] Read data files from: /usr/local/bin/../share/nmap Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.05 seconds Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
Can you give us "netstat -rn" in both cases? Mac OS X can create transient routes and this might be affecting Nmap. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- bug - scan fails first time, runs 2nd ^..^ (Aug 21)
- Re: bug - scan fails first time, runs 2nd ^..^ (Aug 22)
- Re: bug - scan fails first time, runs 2nd David Fifield (Sep 06)
- Re: bug - scan fails first time, runs 2nd ^..^ (Aug 22)