Penetration Testing mailing list archives
Re: Nmap
From: "John M. Martinelli" <john.martinelli () redlevel org>
Date: Sun, 2 Oct 2011 17:35:04 -0400
This would work but it would be kind of "noisy" to open port scan every host. Also probably a little more time consuming. Adding in SYN scan or open port scan will create more time required as we're now looking for open ports. What if all ports are closed? Will it respond to a certain type of ICMP?

I think a great question to ask is: "What is the least-impactful way I can very quickly determine what hosts are alive?" without a traditional ping sweep.

On Sat, Oct 1, 2011 at 10:37 PM, Jeffory Atkinson <jatkinson () zelvin com> wrote:

All depends on what you are trying to achieve. I would assume that you are not concerned about monitoring devices seeing you have done a ping sweep with nmap. I agree with others a port scan is going to give you the best idea if a host is active. There are many instances filtering devices can drop ICMP or respond for hosts behind them. Open ports and services are the best identifiers. A port has to be open in some form (open or filtered) to interact with in-bound connections. I would recommend a -sS (SYN) scan; you can opt for standard services or add -p1- for all 65k+ ports. All ports will verify and services/daemons running. There are other options if bandwidth is an issue.

On Sep 30, 2011, at 5:17 PM, Ukpong <ukpong.ukpong () gmail com> wrote:

Can somebody suggest the best NMAP commands for identifying hosts that are not responding to ICMP ping requests?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------