Nmap Development mailing list archives
Nmap port scanning problem
From: Алексей Буденчук <buav () altx-soft ru>
Date: Tue, 24 Dec 2013 12:59:23 +0400 (MSK)
Good afternoon! I found a strange bug while scanning machines in my company's local network. I ran Nmap (latest version, 6.40) on Windows 8.1 trying to find opened ports on 8 other machines in my network (which run Centos, Red Hat, Debian and Ubuntu). All of the scanned machines had guaranteed 22 port (ssh) opened. The command sent to Nmap is: nmap -T4 -A -v -oX - 10.0.0.210 10.0.0.211 10.0.0.212 10.0.0.213 10.0.0.214 10.0.0.215 10.0.0.216 10.0.0.217 As a result Nmap found opened ports only on 2 first machines (10.0.0.210 and 10.0.0.211) and detected all the others as in state="down" (full nmap response is attached to the letter). At the same time, when I tried to scan any of this machines separately, Nmap finds opened port 22 (ssh) on each of them. This behavior is quite confusing for me and I can't find any apparent reason for it. Analyzing the Nmap response, I found out that hosts were marked as down during the "ARP Ping Scan". Searching for the solution in the Internet, I found information about a special parameter: -disable-arp-scan. This parameter isn't mentioned in the official Nmap documentation on nmap.org, but when I included it in the command string, the scanning started immediately from "SYN Stealth Scan" skipping the step "ARP Ping Scan", and opened port 22 was found on all machines (10.0.0.210-217)! The described bug reproduces ONLY under two conditions: 1. Nmap runs on Windows 8.1 2. The number of machines scanned at once is more than 5 (I currently tested on 8) So, I have two questions: 1. Whether the described behavior can be considered as Nmap bug or may be I'm doing something wrong? 2. Why the parameter -disable-arp-scan isn't described on nmap.org, while it exists and, what's more, resolves my problem? Can I rely on it? Thanks in advance, Alex Budenchuk.
Attachment:
nmap response.txt
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap port scanning problem Алексей Буденчук (Dec 24)