Penetration Testing mailing list archives
Re: Weird Nmap Behavior
From: rajat swarup <rajats () gmail com>
Date: Tue, 6 Oct 2009 12:53:30 -0400
On Mon, Oct 5, 2009 at 1:38 PM, arvind doraiswamy <arvind.doraiswamy () gmail com> wrote:
--- If every port is filtered and ping is blocked(Internet) how does Nmap decide that a host is up? --- How would you explain behavior like the above where I know for a fact an IP hasn't been assigned to a server/device/anything? Lastly if I want to test known "down" IP's are there any such IP's? Not misspelt domain names as of now - just test "down" IP addresses. Finally if this behavior for Nmap is how it is and can't be changed(due to whatever stack dependencies etc , just shooting in the air here) isn't this giving in accurate results? What is a workaround?
Did you run nmap with the --reason flag? If it's possible post the output of the --reason scan or mostly it'd be self-explanatory. HTH, -- Rajat Swarup http://rajatswarup.blogspot.com/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Weird Nmap Behavior arvind doraiswamy (Oct 05)
- Re: Weird Nmap Behavior Wim Remes (Oct 06)
- Re: Weird Nmap Behavior Robert Portvliet (Oct 06)
- RE: Weird Nmap Behavior Gorgon Beast (Oct 06)
- Re: Weird Nmap Behavior Jon Kibler (Oct 06)
- RE: Weird Nmap Behavior mhellman (Oct 06)
- Re: Weird Nmap Behavior Jon Kibler (Oct 06)
- Re: Weird Nmap Behavior yaroslav (Oct 06)
- Re: Weird Nmap Behavior τ∂υƒιφ * (Oct 06)
- Re: Weird Nmap Behavior Tim (Oct 06)
- Re: Weird Nmap Behavior rajat swarup (Oct 06)