Re: NMAP Issue with Ping

[David Fifield <david () bamsoftware com>]

On Mon, Nov 09, 2009 at 10:30:07PM -0800, Louay Saleh wrote:
> I have a strange issue when using Nmap. I have a personal firewall.
> When it is enabled, I always get that the target of the scanning as
> down (although I am sure that the target is up since I did normal
> ping from my CMD and it was replying!) and I have to use the -PN
> switch. I thought my firewall was blocking the received packets of the
> TCP ping, but when I tried to do a Ping scan (using the -sP swicth, in
> order to do ICMP ping), I got the same issue. If I disable my
> firewall, everything is OK. I revised my firewall rules, but I could
> not find anything blocking the reply from either the TCP ping and the
> Ping scans of Nmap. It is very strange....this means that the firewall
> blocks only the ping replies (whether TCP or ICMP) related to Nmap,
> and allows the normal ping. This is the only conclusion I reached, but
> why is that?
>  
> I appreciate your help in advance.

That's strange, because Nmap sends the same kind of probes that the ICMP
ping program sends. Try running your Nmap scan again, adding the option
"--data-length 64". Add the --packet-trace option to see what Nmap is
sending and receiving.

Nmap always does the same ping probes by default, whether you're port
scanning or only pinging with -sP. Even without -sP Nmap will send an
ICMP ping as one of its four host discovery probes.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/