Re: Measuring Latency with nmap ping / discovery scan

[Eyal Raab <eyal.raab () gmail com>]

Another weird issue (see the attached screenshot).
On a Windows virtual machine, nmap reports that the host is up (nmap &
wireshark capture).
But on my MAC is reports the host is down.

I can't seem to find an explanation for it.

Eyal.



On Wed, Jul 16, 2014 at 3:35 PM, Eyal Raab <eyal.raab () gmail com> wrote:

> Hi Daniel,
>
> Thanks for the quick reply.
> I must be confused from all of the options I've been trying.
>
> I tried nmap with -sn but got the following:
>
> nmap -sn <IP_ADDRESS>
>
>
> Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-16 15:27 IDT
>
> Note: Host seems down. If it is really up, but blocking our ping probes,
> try -Pn
>
> Nmap done: 1 IP address (0 hosts up) scanned in 3.01 seconds
>
>
> And then I added -Pn.
>
>
> Anyway, My main goal is to do a SYN/ACK scan to a host that I know is up
> and measure the latency.
>
> Any helpful ideas?
>
> Once the implementation works I'll measure tweak the amount of times I do
> it.
>
>
> Thanks,
>
> Eyal.
>
>
>
>
>
>
> On Wed, Jul 16, 2014 at 3:03 PM, Daniel Miller <bonsaiviking () gmail com>
> wrote:
>
> > Eyal,
> >
> > You have given the -Pn option, which means "skip host discovery." Your
> > scan is not sending any packets to the target at all. You probably instead
> > want: nmap -sn -n <ip_address>
> >
> > Also, Nmap may not be the best tool for this job, since it will report
> > the lowest latency based on a very small number of packets (4 for a default
> > privileged host discovery). In most cases, you should use something like
> > ping, which will send many repeated packets and report best/average/worst
> > latencies.
> >
> > Dan
> >
> >
> > On Wed, Jul 16, 2014 at 6:27 AM, Eyal Raab <eyal.raab () gmail com> wrote:
> >
> > > Hi,
> > >
> > > I want to test the latency to a given host by doing a discovery scan
> > > (with
> > > minimal intrusion).
> > > I issue the following command:
> > >
> > > nmap -sn -Pn <ip_address>
> > >
> > >
> > > And the output I'm getting is this:
> > >
> > >
> > > Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-16 14:12 IDT
> > >
> > > Nmap scan report for <ip_address>
> > >
> > > Host is up.
> > >
> > > Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
> > >
> > >
> > > However, with this sort of scan I don't see the latency output which
> > > I usually see.
> > >
> > >
> > > Can someone help me with the following questions:
> > >
> > >
> > >    1. Are there certain conditions that must exist for the latency output
> > >
> > >    to be displayed (assuming the host is up)?
> > >    2. Can I force the latency to be displayed?
> > >    3. Is there an NSE script that shows the latency (or something
> > > similar I
> > >
> > >    can adapt)?
> > >
> > > Any help in this direction will be greatly appreciated.
> > >
> > > Thanks,
> > > Eyal.
> > > _______________________________________________
> > > Sent through the dev mailing list
> > > http://nmap.org/mailman/listinfo/dev
> > > Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/