Nmap Development mailing list archives

Re: Excessive traffic in -PS/PA/PU ping scans

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 20 Mar 2007 18:26:55 +0000

On Tue, 20 Mar 2007 03:16:44 -0700
cybernmd <cybernmd () gmail com> wrote:

I have noticed the following when performing SYN, ACK, and UDP pings:

...snip...


Command:
 sudo nmap -PS443 192.168.1.1


You are scanning 192.168.1.1 which leads me to believe the scanning machine
is directly connected to the same layer 2 network segment.  Nmap will use
ARP to determine if the host is up and shouldn't need to do any additional
discovery.  Are you able to reproduce your results on targets separated by
L2 boundaries?

Brandon


-- 
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh () ucsd edu

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Excessive traffic in -PS/PA/PU ping scans cybernmd (Mar 20)
- Re: Excessive traffic in -PS/PA/PU ping scans Brandon Enright (Mar 20)
- Re: Excessive traffic in -PS/PA/PU ping scans Eddie Bell (Mar 20)
- Re: Excessive traffic in -PS/PA/PU ping scans Professor Messer (Mar 20)
- <Possible follow-ups>
- Re: Excessive traffic in -PS/PA/PU ping scans cybernmd (Mar 20)
  - Re: Excessive traffic in -PS/PA/PU ping scans Hans Nilsson (Mar 21)