Nmap Development mailing list archives
Re: Can't see nmap traffic
From: "Kris Katterjohn" <katterjohn () gmail com>
Date: Fri, 9 Nov 2007 06:47:07 -0600
On Nov 9, 2007 5:36 AM, Walker JWalker <j_walker2 () hotmail com> wrote:
When I scan my local network I can't see the traffic nmap generates. I've tried both Windows XP SP2 and Backtrack 2 in VMWare, and both tcpdump and Wireshark both listening on the correct interface with no luck. The only time I'm able to see the packets is if I scan anything other than 192.168.1.0/24. K:\nmap-4.20>nmap -sP 192.168.1.65/26 Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-08 22:44 Eastern Standard Time Host 192.168.1.100 appears to be up. MAC Address: 00:00:C5:B5:94:8F (Farallon Computing/netopia) Host 192.168.1.101 appears to be up. Host 192.168.1.102 appears to be up. MAC Address: 00:0C:29:7C:C9:CB (VMware) Nmap finished: 64 IP addresses (3 hosts up) scanned in 2.328 seconds Mean while an ICMP filter on both Wireshark and tcpdump show no output. Anyone know what could be wrong? I really need to get this fixed.
Did you always filter for ICMP? When you're scanning a local LAN, Nmap uses ARP packets for the ping scan as this is much more efficient. Thanks, Kris Katterjohn _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Can't see nmap traffic Walker JWalker (Nov 09)
- Re: Can't see nmap traffic Kris Katterjohn (Nov 09)
- Re: Can't see nmap traffic Diman Todorov (Nov 09)
- Re: Can't see nmap traffic Kris Katterjohn (Nov 09)
- Re: Can't see nmap traffic Diman Todorov (Nov 09)
- Re: Can't see nmap traffic Kris Katterjohn (Nov 09)