Nmap Development mailing list archives
Re: Target host got nmap "down" but ping is ok
From: David Fifield <david () bamsoftware com>
Date: Thu, 30 Oct 2008 17:07:43 -0600
On Tue, Oct 21, 2008 at 09:58:30AM +0800, Ji Xu (jix2) wrote:
> On Mon, Oct 20, 2008 at 4:56 AM, Ji Xu (jix2) <jix2 () cisco com> wrote:
>>> I'm using nmap for security test and I have one question here. My
>>> target host is 10.190.1.8 and attacker is 10.190.1.3, on attacker host
>>> I enter "nmap -v -sP 10.190.1.3/28", it returns that 10.190.1.8 is
>>> down, but when ping on the same host, it's reachable. So could anyone
>>> tell me where the problem is?
>>>
>>> -bash-3.00# nmap -v -sP 10.190.1.3/28
>>>
>>> Starting Nmap 4.68 ( http://nmap.org ) at 2008-10-20 16:34 CST
>>> Warning: File ./nmap-services exists, but Nmap is using /opt/security/share/nmap/nmap-services for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).
>>> Initiating ARP Ping Scan at 16:34
>>> Scanning 3 hosts [1 port/host]
>>> Completed ARP Ping Scan at 16:34, 0.21s elapsed (3 total hosts)
>>> Host 10.190.1.0 appears to be down.
>>> Host 10.190.1.1 appears to be down.
>>> Host 10.190.1.2 appears to be down.
>>> Initiating Parallel DNS resolution of 1 host. at 16:34
>>> Completed Parallel DNS resolution of 1 host. at 16:34, 0.15s elapsed
>>> Host 10.190.1.3 appears to be up.
>>> Initiating ARP Ping Scan at 16:34
>>> Scanning 12 hosts [1 port/host]
>>> Completed ARP Ping Scan at 16:34, 0.41s elapsed (12 total hosts)
>>> Host 10.190.1.4 appears to be down.
>>> Host 10.190.1.5 appears to be down.
>>> Host 10.190.1.6 appears to be down.
>>> Host 10.190.1.7 appears to be down.
>>> Host 10.190.1.8 appears to be down.
>>> Host 10.190.1.9 appears to be down.
>>> Host 10.190.1.10 appears to be down.
>>> Host 10.190.1.11 appears to be down.
>>> Host 10.190.1.12 appears to be down.
>>> Host 10.190.1.13 appears to be down.
>>> Host 10.190.1.14 appears to be down.
>>> Host 10.190.1.15 appears to be down.
>>> Read data files from: /opt/security/share/nmap
>>> Nmap done: 16 IP addresses (1 host up) scanned in 0.818 seconds
>>>            Raw packets sent: 30 (1260B) | Rcvd: 0 (0B)
>>>
>>> -bash-3.00# ping 10.190.1.8
>>> PING 10.190.1.8 (10.190.1.8) 56(84) bytes of data.
>>> 64 bytes from 10.190.1.8: icmp_seq=0 ttl=126 time=0.413 ms
>>> 64 bytes from 10.190.1.8: icmp_seq=1 ttl=126 time=0.312 ms
>>> 64 bytes from 10.190.1.8: icmp_seq=2 ttl=126 time=0.320 ms
>>
>> Could you run the following commands:
>>
>>     nmap -sP -n -d3 --packet-trace 10.190.1.3/28
>>     nmap -sP --send-ip -n -d3 --packet-trace 10.190.1.3/28
>>
>> And send the output? This will help diagnose the problem.
>>
>> Cheers,
>> Michael Pattrick
>
> Thanks for your prompt response. I have got the logs and attached.
>
> In addition, in order to scan the tcp port on 10.190.1.8, I have to add
> option -PN, otherwise the scan will fail, I think they are caused by the
> same issue.

Thanks for the logs. According to them, neither ARP ping scan nor ACK/echo ping scan (--send-ip) found any hosts up. That's strange, because -sP --send-ip sends the same kind of probes that the ping command sends.

The only thing I can think of is that perhaps Nmap is sending on the wrong interface. I see from the logs that Nmap is sending on eth1. Does that sound right? What is the output of

    nmap --iflist

Do you have any way of telling what interface the ping command is sending on (like with a packet capture program)?

You said: "I have to add option -PN, otherwise the scan will fail." Does that mean that the scan succeeds when you use -PN? You get the right port output and everything? That would be interesting.

If 10.190.1.8 has an open port, try running

    nmap -sP -PS<port> 10.190.1.8

Try the other -P options listed at http://nmap.org/book/man-host-discovery.html; if any of them work please let us know.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:
- Target host got nmap "down" but ping is ok Ji Xu (jix2) (Oct 20)
- Re: Target host got nmap "down" but ping is ok Michael Pattrick (Oct 20)
- RE: Target host got nmap "down" but ping is ok Ji Xu (jix2) (Oct 20)
- Re: Target host got nmap "down" but ping is ok David Fifield (Oct 30)