Re: ICMP packets on a local subnet?

[Daniel Miller <bonsaiviking () gmail com>]

On Sun, Feb 1, 2015 at 10:46 PM, Mike . <dmciscobgp () hotmail com> wrote:

> so help me here. i appologize if this question is dumb. i wanted to throw
> some packets at my local router and TIVO box, mainly ICMPs to see the
> response and what got accepted. apparently this cannot be done? even if i
> suppress the scan option and go directly with a ping scan i keep seeing
> nmap forcing the ARP attempt to discover. is there a way to supress this to
> fire off said ICMPs? i am on windows so send-ip is out of the question
> (doens't work anyway, i tried) here is the output
The option you are looking for is --disable-arp-ping. You can read more
here: http://nmap.org/book/man-host-discovery.html


> if i use -Pn i get nothing basically. am i doing something wrong or is
> this just normal network limitations?
Correct, -Pn means "send no host discovery probes" and assumes every target
is up.


> last question is this. this is more output using the max debug level. i am
> just curious how in the world it knows USER SET was received if , as you
> can see, not a single packet was created and sent out?????
>
> C:\Users\McKittrick\Desktop>nmap -n -vv -T4 -max-retries 3 -reason -PE
> -packet-trace 192.168.0.1 -Pn -sn -d9
>
>
> Nmap scan report for 192.168.0.1
> Host is up, received user-set.
> No data files read.
> Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
"user-set" means that the user (you) set the host as "up" by using the -Pn
option. The verb "received" is part of a format string that makes more
sense when the response type is "syn-ack" or "echo-reply".

Dan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/