Nmap Development mailing list archives

Nmap 4.x --max-retries option not being honored for "Ping Scans"


From: <codeproj () nym hush com>
Date: Wed, 20 Dec 2006 09:57:18 -0800

All,

I just found an apparent bug in all versions of nmap from 4.00 to 
4.20 release.

The --max-retries option is not being honored for "Ping Scans" 
(i.e., command-line option "-sP").

I am aware that the "--max-retries" option was fixed for "regular" 
scans in version 4.20; however, this option is still *not* being 
honored for "Ping Scans".

E.g.

$ ./nmap-4.11 --send-ip --packet-trace --max-retries 0 -n -sP -PE -PS80 192.168.0.200

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-12-20 09:25 PST
SENT (0.0140s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=59 id=30036 iplen=28
SENT (0.0150s) TCP 192.168.0.100:41410 > 192.168.0.200:80 S ttl=38 id=6633 iplen=44 seq=2982239518 win=3072
SENT (1.0340s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=41 id=54427 iplen=28
SENT (1.0340s) TCP 192.168.0.100:41411 > 192.168.0.200:80 S ttl=47 id=48919 iplen=44 seq=662789470 win=4096
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 2.055 seconds

As you can see, although the --max-retries option is set to 0 (i.e., 
no retries), the Ping Scan packets are sent out "twice" instead of 
only once.  This behavior occurs regardless of the Ping Scan 
options that are selected.

I have tested this issue on all release versions of nmap from 
version 4.00 to 4.20, and it is present in all of them.

Haven't had time to check the code to see where the problem lies 
yet, but thought I should at least report the problem.

Thanks!



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
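
A way to check a --packet-trace capture against a --max-retries setting, as an added example that is not part of the original post and not Nmap code. It assumes the SENT line format shown in the post; the function names are hypothetical, and grouping transmissions by protocol, destination and ICMP type or TCP flags is an assumption, chosen because the TCP source port changes on each transmission.

```python
import re
from collections import defaultdict

# SENT lines copied from the --packet-trace output in the post (wrapped lines rejoined).
TRACE = """\
SENT (0.0140s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=59 id=30036 iplen=28
SENT (0.0150s) TCP 192.168.0.100:41410 > 192.168.0.200:80 S ttl=38 id=6633 iplen=44 seq=2982239518 win=3072
SENT (1.0340s) ICMP 192.168.0.100 > 192.168.0.200 Echo request (type=8/code=0) ttl=41 id=54427 iplen=28
SENT (1.0340s) TCP 192.168.0.100:41411 > 192.168.0.200:80 S ttl=47 id=48919 iplen=44 seq=662789470 win=4096
"""

SENT_RE = re.compile(
    r"^SENT \((?P<t>[\d.]+)s\) (?P<proto>\w+) "
    r"(?P<src>\S+) > (?P<dst>\S+) (?P<rest>.*)$"
)
ICMP_TYPE_RE = re.compile(r"\(type=(\d+)/code=(\d+)\)")
TCP_FLAGS_RE = re.compile(r"^([A-Z]+)\b")


def probe_key(m):
    """Identify a probe independent of per-packet fields (ttl, id, seq, source port)."""
    if m["proto"] == "ICMP":
        t = ICMP_TYPE_RE.search(m["rest"])
        detail = f"type={t[1]}/code={t[2]}" if t else "?"
    else:
        f = TCP_FLAGS_RE.match(m["rest"])
        detail = f[1] if f else "?"
    return (m["proto"], m["dst"], detail)


def count_transmissions(trace):
    """Map each probe key to the list of timestamps at which it was sent."""
    sends = defaultdict(list)
    for line in trace.splitlines():
        m = SENT_RE.match(line.strip())
        if m:
            sends[probe_key(m)].append(float(m["t"]))
    return dict(sends)


def retry_violations(trace, max_retries):
    """Return probes sent more than max_retries + 1 times, with the excess count."""
    allowed = max_retries + 1  # one initial transmission plus the permitted retries
    counts = count_transmissions(trace)
    return {k: len(ts) - allowed for k, ts in counts.items() if len(ts) > allowed}


if __name__ == "__main__":
    print(retry_violations(TRACE, 0))
```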

