Security Basics mailing list archives
Re: nmap -sP -PE -R -v behaves differently with root/un-root
From: Marc Ouwerkerk <olderchurch () gmail com>
Date: Mon, 8 Aug 2011 14:32:55 +0200
-PE and -sP are both used for discovery. -sP has different behavior for root and non-root users. From the manual:

Ping Scan [-sP]

This scan type lists the hosts within the specified range that responded to a ping. It allows you to detect which computers are online, rather than which ports are open. Four methods exist within Nmap for ping sweeping.

The first method sends an ICMP ECHO REQUEST (ping request) packet to the destination system. If an ICMP ECHO REPLY is received, the system is up, and ICMP packets are not blocked.

If there is no response to the ICMP ping, Nmap will try a "TCP Ping", to determine whether ICMP is blocked, or if the host is really not online. A TCP Ping sends either a SYN or an ACK packet to any port (80 is the default) on the remote system. If RST, or a SYN/ACK, is returned, then the remote system is online. If the remote system does not respond, either it is offline, or the chosen port is filtered, and thus not responding to anything.

When you run an Nmap ping scan as root, the default is to use the ICMP and ACK methods. Non-root users will use the connect() method, which attempts to connect to a machine, waiting for a response, and tearing down the connection as soon as it has been established (similar to the SYN/ACK method for root users, but this one establishes a full TCP connection!)

The ICMP scan type can be disabled by setting -P0 (that is, zero, not uppercase o).

On Fri, Aug 5, 2011 at 5:41 AM, John Hunter <johnny.h.hunter () gmail com> wrote:
> I was running the command
>
> nmap -sP -PE -R -v microsoft.com ebay.com yahoo.com \
> google.com slashdot.org
>
> It behaves differently when I was a root user and a non-root user. Ironically, when I was a non-root, the result is more accurate.
>
> When I was a non-root:
>
> john@virtual-evolution:~$ nmap -sP -PE -R -v microsoft.com ebay.com yahoo.com \
> google.com slashdot.org
> ....
> Host 207.46.232.182 is up (0.014s latency).
> Host pages.ebay.com (66.211.160.87) is up (0.086s latency).
> Host ir1.fp.vip.ac4.yahoo.com (67.195.160.76) is up (0.016s latency).
> Host vw-in-f147.1e100.net (74.125.113.147) is up (0.028s latency).
> Host slashdot.org (216.34.181.45) is up (0.038s latency).
> Nmap done: 5 IP addresses (5 hosts up) scanned in 13.36 seconds
>
> When I was a root:
>
> root@virtual-evolution:~# nmap -sP -PE -R -v microsoft.com ebay.com yahoo.com google.com slashdot.org
> ....
> Host 207.46.197.32 is down.
> Host pages.ebay.com (66.135.205.14) is down.
> Host ir1.fp.vip.mud.yahoo.com (209.191.122.70) is down.
> Host vw-in-f106.1e100.net (74.125.113.106) is down.
> Host slashdot.org (216.34.181.45) is up (0.044s latency).
> Nmap done: 5 IP addresses (1 host up) scanned in 14.26 seconds
> Raw packets sent: 10 (280B) | Rcvd: 6 (168B)
>
> Why is that?
>
> Thanks!
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
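Added example, not part of the original message and not Nmap's own code: a minimal Python sketch of the unprivileged connect() liveness check quoted from the manual above, where both a completed handshake and a refused connection (RST) count as "host up" and only silence is ambiguous. The function names, result strings and the loopback test targets are assumptions constructed for this illustration.

```python
import socket


def connect_probe(host, port=80, timeout=2.0):
    """Classify a target the way the unprivileged TCP ping is described above.

    "up (SYN/ACK)" - handshake completed; the connection is torn down at once
    "up (RST)"     - port is closed, but the host answered, so it is online
    "no response"  - timed out: host is offline or the port is filtered
    "error"        - name resolution or a local/routing error, no verdict
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))        # full three-way handshake, no raw sockets
        return "up (SYN/ACK)"
    except ConnectionRefusedError:     # peer replied with RST
        return "up (RST)"
    except socket.timeout:             # nothing came back within the timeout
        return "no response"
    except OSError:                    # e.g. network unreachable, DNS failure
        return "error"
    finally:
        s.close()


def demo():
    """Probe two constructed loopback targets: a listening and a closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))      # bound but never listen()ing -> RST
    try:
        return {
            "listening": connect_probe("127.0.0.1", listener.getsockname()[1]),
            "closed": connect_probe("127.0.0.1", closed.getsockname()[1]),
        }
    finally:
        listener.close()
        closed.close()


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict}")
```

A host behind a filter that drops ICMP echo but permits TCP port 80 is reported up by this check, while an ICMP-only probe of the same host would report it down.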