Nmap Development mailing list archives

Re: Call for testers: Nping 0.1BETA1 Released.


From: David Fifield <david () bamsoftware com>
Date: Fri, 7 Aug 2009 14:40:55 -0600

On Fri, Aug 07, 2009 at 11:11:40AM +0100, Luis M. wrote:
> Yes, when Nping is run by a user without root privileges, the default
> is to attempt TCP connections using the traditional connect() system
> call.  Other ping utilities choose ICMP Echo by default because they are
> installed setuid root, so regular users can still access the raw socket
> interface and send ICMP packets.
>
> I choose port 80 because although not all machines have it open, a lot
> of them do. However, that's only the default behavior, you can choose
> any port you want supplying "-p N" where N is a port number or even a
> port range (e.g. "-p 443" pings port 443 and "-p 1-1024" pings the
> first 1024 ports).

In our ping probe effectiveness research we found that if you don't have
a priori knowledge of a host, the best single non-root probes are SYN to
port 443 or 80, with 443 being slightly better. These are not bad
probes, finding about 40% of hosts that respond to any kind of probe.
ICMP echo is the only thing better; it gets about 60%.

http://www.bamsoftware.com/wiki/Nmap/EffectivenessOfPingProbes#a-20090525

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
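
The unprivileged connect() probe discussed in this thread, as an added example that is not part of the original messages and is not Nping's code. The function names, the state labels and the one-second timeout are assumptions made for illustration; the point it shows is that a refused connection proves the host is up just as a completed handshake does.

```python
import socket
import sys
import time

# Ports named in the thread: 80 (the default discussed) and 443.
DEFAULT_PORTS = (443, 80)

def connect_probe(host, port, timeout=1.0):
    """Send one TCP connect() probe without raw sockets or root.

    Returns (state, rtt_seconds) where state is one of:
      "open"        - three-way handshake completed
      "closed"      - connection refused (an RST came back, so the host is up)
      "no-response" - timeout or unreachable; nothing can be concluded
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        state = "closed"
    except OSError:
        # Covers timeouts, host/network unreachable and filtered ports.
        state = "no-response"
    else:
        sock.close()
        state = "open"
    return state, time.monotonic() - start

def ping(host, ports=DEFAULT_PORTS, timeout=1.0):
    """Probe each port; the host counts as up if any probe got an answer."""
    results = {}
    for port in ports:
        results[port] = connect_probe(host, port, timeout)
    up = any(state in ("open", "closed") for state, _ in results.values())
    return up, results

if __name__ == "__main__":
    # Usage: python connect_ping.py HOST [PORT ...]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    chosen = tuple(int(p) for p in sys.argv[2:]) or DEFAULT_PORTS
    is_up, res = ping(target, chosen)
    for port, (state, rtt) in res.items():
        print(f"{target}:{port} {state} rtt={rtt * 1000:.1f}ms")
    print("host is up" if is_up else "no response to any probe")
```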

