Security Basics mailing list archives
RE: Nmap
From: "Rochford, Paul" <paul.rochford () hp com>
Date: Thu, 11 Aug 2005 17:41:56 +0100
From the Nmap man page: See the comments on root and non-root users. The
scanning techniques are different.
-sP Ping scanning: Sometimes you only want to know which hosts on a
network are up. Nmap can do this by sending ICMP echo request
packets to every IP address on the networks you specify. Hosts
that respond are up. Unfortunately, some sites such as
microsoft.com block echo request packets. Thus nmap can also
send a TCP ack packet to (by default) port 80. If we get an RST
back, that machine is up. A third technique involves sending a
SYN packet and waiting for a RST or a SYN/ACK. For non-root
users, a connect() method is used.
By default (for root users), nmap uses both the ICMP and ACK
techniques in parallel. You can change the -P option described
later.
Note that pinging is done by default anyway, and only hosts that
respond are scanned. Only use this option if you wish to ping
sweep without doing any actual port scans.
Kind Regards,
Paul Rochford
-----Original Message-----
From: Mathew Jose [mailto:jose.jmathew () gmail com]
Sent: Wednesday, August 10, 2005 12:39 AM
To: security-basics () securityfocus com
Subject: Nmap
Hi,
I am using Nmap version 3.00 to do a ping sweep of a network on
Enterprise Redhat Linux 2.4.21-27.
The command line I use is "nmap -sP 192.168.1.1/24"
When I am running the ping sweep as a normal user I am able to
discover some devices in the network.
But when I run the ping sweep as the root user it is detecting more devices
and in some cases reporting non-existing hosts as running.
Anyone hit this issue before?
-Pran
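Added example, not part of the original thread and not Nmap code: a small detector that labels which of the discovery techniques quoted from the man page above (ICMP echo, bare TCP ACK, TCP SYN) each source used across many hosts. The log format, the addresses and the min_hosts threshold are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample records, not real traffic: "src dst proto detail [dport]"
SAMPLE_LOG = """\
10.0.0.5 192.168.1.1 icmp echo-request
10.0.0.5 192.168.1.1 tcp ACK 80
10.0.0.5 192.168.1.2 icmp echo-request
10.0.0.5 192.168.1.2 tcp ACK 80
10.0.0.5 192.168.1.3 icmp echo-request
10.0.0.5 192.168.1.3 tcp ACK 80
10.0.0.9 192.168.1.2 tcp SYN 80
10.0.0.9 192.168.1.2 tcp ACK 80
10.0.0.7 192.168.1.1 tcp SYN 80
10.0.0.7 192.168.1.2 tcp SYN 80
10.0.0.7 192.168.1.3 tcp SYN 80
"""

def classify(proto, detail, key, syn_seen):
    """Map one record to a discovery technique name, or None if it is not a probe."""
    if proto == "icmp":
        return "icmp-echo" if detail == "echo-request" else None
    if detail == "SYN":
        syn_seen.add(key)          # remember that a handshake was started
        return "tcp-syn"
    if detail == "ACK" and key not in syn_seen:
        return "tcp-ack"           # ACK with no prior SYN: unsolicited probe
    return None                    # ACK that belongs to a normal handshake

def detect_sweeps(log_text, min_hosts=3):
    """Return {src: sorted technique list} for sources probing >= min_hosts hosts."""
    hosts = defaultdict(set)
    techniques = defaultdict(set)
    syn_seen = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue               # skip blank or malformed lines
        src, dst, proto, detail = fields[:4]
        dport = fields[4] if len(fields) > 4 else None
        tech = classify(proto, detail, (src, dst, dport), syn_seen)
        if tech:
            hosts[src].add(dst)
            techniques[src].add(tech)
    return {s: sorted(techniques[s]) for s in hosts if len(hosts[s]) >= min_hosts}

if __name__ == "__main__":
    for src, techs in detect_sweeps(SAMPLE_LOG).items():
        print(src, "swept using", ", ".join(techs))
```

A source showing both icmp-echo and tcp-ack matches the default root behaviour described in the man page excerpt, while a SYN-only source matches the third technique or the connect() method used for non-root users.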
