Nmap Development mailing list archives

RCVD ICMP echo reply but host not up


From: Sai Prajeeth <csprajeeth () gmail com>
Date: Wed, 10 Apr 2013 14:22:17 +0530

Hi list

I was scanning some IP addresses (-sP) and when the scan finished I wanted
to take a closer look at the hosts that were reported down. I did a packet
trace on a host that was down and surprisingly the trace showed that

...
RCVD(0.9.,s) > xxx... > xxxx... echo reply ...
...
RCV(1.5...s)> xxx... >xxx.. echo reply

but Nmap showed that the host was down.

I was surprised and thought maybe this is due to the high time value of the
packets. So I increased the RTT value (--max-rtt-timeout=2s) and
surprisingly the response packets came after 2.5s and the host was reported
as DOWN. Then I increased it to 5s and now the responses came after 6s and
the host was still reported DOWN.

I remember only once the host was shown UP because the packet reached quite
quickly. Now I am not able to reproduce this behavior. I am confused. Is
this a bug in Nmap or some firewall or does my network suck?
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

