Nmap Development mailing list archives
Re: PA vs PS
From: David Fifield <david () bamsoftware com>
Date: Thu, 26 Feb 2009 08:51:06 -0700
On Thu, Feb 26, 2009 at 03:16:39AM -0600, fred jones wrote:
> I'm having trouble with PA and PS options. Regardless of whether I use PA or PS (as either a super user or normal) both send only a SYN flag. I was under the impression that PA was supposed to set an ACK flag, but no matter what I try it still only sets a SYN flag. I'm using variations of:
>
>     sudo ./nmap -v -PA 192.168.1.1 -p80
>
> I've tried this on both OS X and Slackware. Sorry for such a newbie question, but Google and the man page have not been of much assistance. Thanks.

It's probably because you're scanning on a local network and Nmap is using ARP ping instead of what you requested. On a LAN there's no point to sending an IP-based ping because you would need to do an ARP request first to send the IP packet, and by the time you get the ARP reply you already know the host is up. That said, you can force the use of non-ARP pings with the --send-ip option.

The SYN packet you see is the port scan packet to port 80. Try using the --packet-trace option to see exactly what's being sent. Compare the output from these two commands:

    sudo ./nmap -n -sP -PA 192.168.1.1 --packet-trace
    sudo ./nmap -n -sP -PA scanme.nmap.org --packet-trace

In the first case you'll see ARP ping and in the second ACK ping.

David Fifield
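
An added example (not part of the original message and not Nmap code): a small Python classifier that labels captured Ethernet frames as ARP or as TCP with their flag names, which is the distinction the reply draws between ARP ping, ACK ping and the SYN port-scan packet. The frames, MAC addresses and 192.0.2.x addresses are constructed samples, and the function names are hypothetical.

```python
import socket
import struct

MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
IP_A, IP_B = socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1")   # constructed
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_arp_request() -> bytes:
    """Constructed sample: Ethernet + ARP who-has, as sent before any on-link IP packet."""
    eth = b"\xff" * 6 + MAC_A + struct.pack("!H", 0x0806)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, MAC_A, IP_A, b"\0" * 6, IP_B)

def build_tcp_frame(flags: int, dport: int) -> bytes:
    """Constructed sample: Ethernet + IPv4 + TCP header (checksums left at zero)."""
    eth = MAC_B + MAC_A + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, IP_A, IP_B)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp

def classify_frame(frame: bytes) -> str:
    """Label a captured Ethernet frame as ARP or as TCP with its flag names."""
    if len(frame) < 14:
        return "truncated"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:                      # ARP
        if len(frame) < 22:
            return "truncated"
        oper = struct.unpack("!H", frame[20:22])[0]
        return {1: "ARP request", 2: "ARP reply"}.get(oper, "ARP other")
    if ethertype != 0x0800:                      # not IPv4
        return "other"
    ip = frame[14:]
    if len(ip) < 20:
        return "truncated"
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    if ip[9] != 6:                               # protocol 6 = TCP
        return "IPv4 non-TCP"
    tcp = ip[ihl:]
    if ihl < 20 or len(tcp) < 14:
        return "truncated"
    dport = struct.unpack("!H", tcp[2:4])[0]
    names = [n for bit, n in FLAGS if tcp[13] & bit]   # byte 13 holds the flag bits
    return "TCP " + ("+".join(names) or "no-flags") + f" to port {dport}"

if __name__ == "__main__":
    for f in (build_arp_request(), build_tcp_frame(0x10, 80), build_tcp_frame(0x02, 80)):
        print(classify_frame(f))
```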