Nmap Development mailing list archives

Re: -P0 still attempts ARP scan


From: William MacKay <foobaz () gmail com>
Date: Tue, 13 Sep 2005 12:41:38 -0400

On Sep 13, 2005, at 12:24 PM, Arturo 'Buanzo' Busleiman wrote:

> William MacKay wrote:
>
>> I have looked through the source, but I can't figure out why Nmap is
>> doing an ARP ping scan when I give it -P0. Is this a bug? I'm pasting
>> a log to demonstrate the problem. The -p80 option isn't necessary,
>> but makes the log a lot shorter:
>
> It seems it is default behaviour when the destination IP is in the
> range of one of your NICs.

This is bad, because --spoof_mac seems to screw up the ARP ping scan,
so it refuses to scan even with -P0. Here's another log demonstrating
that:

12:40 foobaz@port200:~]% sudo nmap -P0 --spoof_mac 0 10.171.32.1

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-09-13 12:40 EDT
Spoofing MAC address 79:00:33:90:0F:54 (No registered vendor)
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.641 seconds
12:40 foobaz@port200:~]%

