Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: options -sn not just pinging

From: Christopher C Thornton <christopher.thornton () dteenergy com>
Date: Tue, 18 Apr 2017 21:28:03 +0000

Interesting because the description says "Ping Scan" 
And it never reports responses from ports 443 and 80
"-sn: Ping Scan - disable port scan"
If it sends probes to 443 and 80 on purpose why does it not report them as being open in the output? What would be the 
use of that?

 
-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com] 
Sent: Tuesday, April 18, 2017 5:20 PM
To: Christopher C Thornton <christopher.thornton () dteenergy com>
Cc: dev () nmap org
Subject: Re: options -sn not just pinging

On Mon, Apr 17, 2017 at 09:17:55PM +0000, Christopher C Thornton wrote:

When I run this scan

nmap -sn 192.168.9.0/25

nmap pings the address range (expected result ) but it also sends syn 
packets to tcp port 443 on each of the IP’s And it sends ack packets 
to port 80


-sn doesn't mean "ping scan"; it means "host discovery only." The default host discovery sends four probes:
        ICMP echo
        TCP SYN to port 443
        TCP ACK to port 80
        ICMP timestamp request
If you only want ICMP echo, do -sn -PE.


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: