Nmap Development mailing list archives

Re: -sP showing all hosts in request as up


From: Terry <td3201 () gmail com>
Date: Wed, 26 Aug 2009 10:38:43 -0500

On Wed, Aug 26, 2009 at 10:17 AM, David Fifield <david () bamsoftware com> wrote:
> On Wed, Aug 26, 2009 at 09:58:30AM -0500, Terry wrote:
>> I am confused about some output I am seeing.  Why would nmap -sP
>> subnet/24 return every IP in the block as up when they clearly aren't?
>> This happens even on the local subnet.  I have a feeling the answer is
>> very easy; I am just stuck.
>
> This can happen if a network device is faking ARP replies from
> nonexistent hosts. Try scanning with the --send-ip option. This thread
> has some more information.
>
> http://seclists.org/nmap-dev/2009/q3/0338.html
>
> David Fifield


Thank you for your reply.  Here's a little transcript of my problem
after trying the --send-ip option:

[root@omajelut01 sbin]# nmap -sP --send-ip --reason 10.0.1.112-120

Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-26 10:33 CDT
Host 10.0.1.112 is up, received echo-reply (0.0029s latency).
Host 10.0.1.113 is up, received reset (0.00077s latency).
Host 10.0.1.114 is up, received echo-reply (0.0019s latency).
Host 10.0.1.115 is up, received reset (0.0011s latency).
Host 10.0.1.116 is up, received echo-reply (0.0026s latency).
Host 10.0.1.117 is up, received echo-reply (0.0024s latency).
Host 10.0.1.118 is up, received echo-reply (0.0024s latency).
Host 10.0.1.119 is up, received reset (0.00075s latency).
Host 10.0.1.120 is up, received echo-reply (0.0025s latency).
Nmap done: 9 IP addresses (9 hosts up) scanned in 3.30 seconds

[root@omajelut01 sbin]# ping -c 1 -W 2 10.0.1.113
PING 10.0.1.113 (10.0.1.113) 56(84) bytes of data.

--- 10.0.1.113 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
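
Added example (not part of the original message and not Nmap's own code): a small Python parser for the `-sP --reason` output format shown in the transcript above. It groups hosts by the response that marked them up and lists those whose "up" status rests on something other than an echo reply, so they can be re-checked by other means. The function names and the choice of `echo-reply` as the only trusted reason are assumptions of this example; the sample lines are copied from the transcript.

```python
import re
from collections import defaultdict

# Host lines copied from the transcript above (Nmap 5.00, -sP --send-ip --reason).
SAMPLE = """\
Host 10.0.1.112 is up, received echo-reply (0.0029s latency).
Host 10.0.1.113 is up, received reset (0.00077s latency).
Host 10.0.1.114 is up, received echo-reply (0.0019s latency).
Host 10.0.1.115 is up, received reset (0.0011s latency).
Host 10.0.1.116 is up, received echo-reply (0.0026s latency).
Host 10.0.1.117 is up, received echo-reply (0.0024s latency).
Host 10.0.1.118 is up, received echo-reply (0.0024s latency).
Host 10.0.1.119 is up, received reset (0.00075s latency).
Host 10.0.1.120 is up, received echo-reply (0.0025s latency).
"""

HOST_RE = re.compile(
    r"^Host (?P<ip>\S+) is up, received (?P<reason>[\w-]+) "
    r"\((?P<latency>[\d.]+)s latency\)\.$"
)

def parse_ping_scan(text):
    """Return [(ip, reason, latency_seconds)] for every 'is up' line."""
    hosts = []
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:  # banner and summary lines do not match and are skipped
            hosts.append((m["ip"], m["reason"], float(m["latency"])))
    return hosts

def group_by_reason(hosts):
    """Map each reason string to the list of IPs reported up for it."""
    groups = defaultdict(list)
    for ip, reason, _latency in hosts:
        groups[reason].append(ip)
    return dict(groups)

def needs_recheck(hosts, trusted=("echo-reply",)):
    """IPs whose 'up' verdict came from a reason outside `trusted`
    (assumption of this example: only an echo reply is taken at face value)."""
    return [ip for ip, reason, _latency in hosts if reason not in trusted]

if __name__ == "__main__":
    parsed = parse_ping_scan(SAMPLE)
    for reason, ips in group_by_reason(parsed).items():
        print(f"{reason}: {', '.join(ips)}")
    print("re-check:", ", ".join(needs_recheck(parsed)))
```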

