Re: -PS command and Host Discovery

[Nelson <komseh () gmail com>]

By default -PS will send a SYN Ping to port 80.  You should specify a list
of ports for it to work properly. Example:  -PS21,23,25,80,443,139,445 .
You may also want to try -PA and determine what provides the most accurate
results.  I wish we could use the --top-ports feature for -PS and -PA.

On Fri, Oct 24, 2008 at 12:03 PM, Tony Cap <tonycap26 () gmail com> wrote:

> Question concerning the -PS command and more. I may not be using it
> correctly but this is what I've been using to do weekly scans on our
> networks:
>
> nmap -T4 -v -PS -sS -A -p- -oA d:\nmap\output\week3\vlanxx -iL
> d:\nmap\batch\week3\vlanxx.txt
>
> Running nmap version 4.68 on a Windows Server 2003
>
> I have referenced:
> http://nmap.org/book/man-host-discovery.html
>
> First off - am I using the -PS switch correctly?  Does this switch over
> ride the default or does it attempt to do host discovery both by deafult
> (TCP ACK) AND the TCP SYN flag set?
>
>
> Second - Major differences on this particular vlan compared to others...
>
> One particular server has 30,000+ ports open with the -PS, only approx 30
> with out it.
> With the -PS I have only 4 host reporting on this vlan,  compared to 30
> with out it.
>
>
> Can I get a brief description of this switch and opinions on its use.  OR
> for that matter correct switches to be used when doing weekly host
> discovery.  Any input would be greatly appreciated.
>
> ALSO - I'm using NDIFF to compare my weekly scans.  Great utility - looking
> forward to further updates on that...
>
> Thanks!
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org