Re: NMAP scans detect all hosts active in a subnet, when in really not!

[David Fifield <david () bamsoftware com>]

On Mon, Sep 21, 2009 at 09:23:54AM -0600, Darren Shady wrote:
> I'm not too sure what's going on here.  Nmap 10.62.0.0/24 -s P results
> in the following exerpt:
>
> Host 10.62.0.246 is up (0.00s latency).
>
> Host 10.62.0.247 is up (0.00s latency).
>
> Host 10.62.0.248 is up (0.016s latency).
>
> Host 10.62.0.249 is up (0.00s latency).
>
> Host 10.62.0.250 is up (0.00s latency).
>
> Host 10.62.0.251 is up (0.00s latency).
>
> Host 10.62.0.252 is up (0.00s latency).
>
> Host 10.62.0.253 is up (0.00s latency).
>
> Host 10.62.0.254 is up (0.00s latency).
>
> Host 10.62.0.255 is up (0.016s latency).
>
> Nmap done: 256 IP addresses (256 hosts up) scanned in 2.11 seconds

What does it say when you add the --reason option to the command? The
hosts will still appear to be up but each one will have a message saying
why it is considered up.

> C:\Documents and Settings\dshady>nmap -V
> Nmap version 5.00 ( http://nmap.org )
>
> This subnet does not have 256 hosts up, I know it to have only a few
> active hosts.  This is a new problem.

What is a version number of Nmap that does not have the problem?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org