Nmap Development mailing list archives

RE: Target host got nmap "down" but ping is ok


From: "Ji Xu (jix2)" <jix2 () cisco com>
Date: Tue, 21 Oct 2008 09:58:30 +0800

Hi Michael:

Thanks for your prompt response. I have got the logs and attached.

In addition, in order to scan the TCP port on 10.190.1.8, I have to add the option -PN; otherwise the scan will fail. I 
think these are caused by the same issue.

Both the target and attack hosts are Solaris.

Regards
Ji

-----Original Message-----
From: Michael Pattrick [mailto:mpattrick () rhinovirus org] 
Sent: Monday, October 20, 2008 20:06
To: Ji Xu (jix2)
Cc: nmap-dev () insecure org
Subject: Re: Target host got nmap "down" but ping is ok

Hi Ji Xu,

Could you run the following commands:

nmap -sP -n -d3 --packet-trace 10.190.1.3/28
nmap -sP --send-ip -n -d3 --packet-trace 10.190.1.3/28

And send the output? This will help diagnose the problem.

Cheers,
Michael Pattrick


On Mon, Oct 20, 2008 at 4:56 AM, Ji Xu (jix2) <jix2 () cisco com> wrote:
Hi Nmap experts:



I'm using nmap for a security test and I have one question here. My target
host is 10.190.1.8 and the attacker is 10.190.1.3. On the attacker host I enter
"nmap -v -sP 10.190.1.3/28" and it returns that 10.190.1.8 is down, but
when I ping it on the same host, it's reachable. So could anyone tell me
where the problem is?



-bash-3.00# nmap -v -sP 10.190.1.3/28

Starting Nmap 4.68 ( http://nmap.org ) at 2008-10-20 16:34 CST
Warning: File ./nmap-services exists, but Nmap is using
/opt/security/share/nmap/nmap-services for security and consistency
reasons.  set NMAPDIR=. to give priority to files in your local
directory (may affect the other data files too).
Initiating ARP Ping Scan at 16:34
Scanning 3 hosts [1 port/host]
Completed ARP Ping Scan at 16:34, 0.21s elapsed (3 total hosts)
Host 10.190.1.0 appears to be down.
Host 10.190.1.1 appears to be down.
Host 10.190.1.2 appears to be down.
Initiating Parallel DNS resolution of 1 host. at 16:34
Completed Parallel DNS resolution of 1 host. at 16:34, 0.15s elapsed
Host 10.190.1.3 appears to be up.
Initiating ARP Ping Scan at 16:34
Scanning 12 hosts [1 port/host]
Completed ARP Ping Scan at 16:34, 0.41s elapsed (12 total hosts)
Host 10.190.1.4 appears to be down.
Host 10.190.1.5 appears to be down.
Host 10.190.1.6 appears to be down.
Host 10.190.1.7 appears to be down.
Host 10.190.1.8 appears to be down.
Host 10.190.1.9 appears to be down.
Host 10.190.1.10 appears to be down.
Host 10.190.1.11 appears to be down.
Host 10.190.1.12 appears to be down.
Host 10.190.1.13 appears to be down.
Host 10.190.1.14 appears to be down.
Host 10.190.1.15 appears to be down.
Read data files from: /opt/security/share/nmap
Nmap done: 16 IP addresses (1 host up) scanned in 0.818 seconds
          Raw packets sent: 30 (1260B) | Rcvd: 0 (0B)
-bash-3.00#

-bash-3.00# ping 10.190.1.8
PING 10.190.1.8 (10.190.1.8) 56(84) bytes of data.
64 bytes from 10.190.1.8: icmp_seq=0 ttl=126 time=0.413 ms
64 bytes from 10.190.1.8: icmp_seq=1 ttl=126 time=0.312 ms
64 bytes from 10.190.1.8: icmp_seq=2 ttl=126 time=0.320 ms





Thanks and Best Regards

Ji Xu

Software QA Engineer

Phone: (86)21 2405 7489
Services and Mobility Business Unit, Cisco Systems


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

