Re: ICMP Port Unreachable in Host Discovery

[Kris Katterjohn <katterjohn () gmail com>]

Will Cladek wrote:
> Kris,
>
> The host can be pinged as well, but you're right, there's no way of 
> knowing for sure if it's the host or an external firewall on its 
> behalf.  It does seem odd not to just be using a RST or simply ignoring 
> it completely.
>
> The thing that drew my attention to this is that normally I throw in a 
> -PE flag to do a ping as well, and even though the host is pingable, 
> occasionally the scan will just end and say the host is down.  I haven't 
> been able to recreate this is a controlled fashion, or else *that* would 
> be what I'd post about.  Maybe the host is just being inconsistent in 
> replying to echo requests.  I was just kind of hoping changing this ICMP 
> port unreachable behavior would be a simpler solution.  I guess I'll 
> just wait and try to recreate the original situation and try to post 
> about that.
>
> -Will

Hey,

A couple of things:

* Nmap has a --packet-trace option that might simplify your testing so 
you don't have to use tcpdump (unless tcpdump offers more information 
for your particular test).

* You might also want to experiment with this host using the timing 
options (-T).  Some hosts respond differently based on time, so slowing 
it down (like -T2) can affect things.  But be warned, -T2 can take a 
while, so you should probably just use it separately for this host if 
you're going to be scanning more than just a few.


Well, I hope that helps you.

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org