Re: Nmap says Host down when actually host is up.

["DePriest, Jason R." <jrdepriest () gmail com>]

On 10/22/07, Swapnali  wrote:
> Hi,
>
> I am using nmap 4.20 for windows. I am working on a windows xp with sp2. I
> have tried to find the solution for my problem on the nmap lists but it
> didn't help. Hence this mail.
>
> I have tried many host discovery options to figure out why nmap says a
> particular host is down when actually the host is up. Enclosed is also the
> screenshot of the nmap response as opposed to the icmp ping response to a
> particular IP along with the ethereal snapshot. When I do icmp ping, I do
> receive the reply. But when I use "nmap -sP <ip>" the response I receive is;
>
>                    Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-22
> 14:49 Central Daylight
>                    Time
>                    Note: Host seems down. If it is really up, but blocking
> our ping probes, try -P0
>
>                    Nmap finished: 1 IP address (0 hosts up) scanned in
> 4.188 seconds
>
> I used ethereal to check whats going on. I saw a ping request going to a
> destination IP and a reply from another interface of the same machine with a
> different IP in the source with icmp seq. number being the same. Is nmap
> matching both destination IP in request and src ip in reply packet? If this
> is the case, it might be a bug. Because, as in this case a machine might
> have multiple IP's. Infact I am facing this problem with many hosts.  Am I
> missing something here?
> I will appreciate any help/ info on this. Awaiting a positive response.
>
> -Swapnali

Greetings, Swapnali,

Try running nmap against a single trouble system
nmap -sP <host>
but include -vv (that is two v's and not one w) and --packet-trace as well
so
nmap -sP -vv --packet-trace <host>
That should provide helpful information for you and for the list.

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org