Nmap Development mailing list archives
Re: nmap 5.21 sends protocol unreachable
From: David Fifield <david () bamsoftware com>
Date: Thu, 28 Jan 2010 20:38:49 -0700
On Thu, Jan 28, 2010 at 07:38:50PM -0500, Derek wrote:
I was actually thinking earlier today that maybe it was Windows sending the packet because it is not expecting the reply, so I then tried it on a Windows XP machine to see if it was a Windows thing. It seems to be a Windows 7 specific feature, because the Windows XP PC did NOT send an ICMP Protocol Unreachable message, in fact it didn't send any packet at all after receiving the unexpected reply. So with that being said, is it possible to forge echo, timestamp, or address mask replies to check for live hosts, not with nmap I know, but with some other network tool? If not, how difficult would it be to code such a feature into nmap or just as a stand alone program?
If Windows is responding with destination unreachables to echo/timestamp/mask replies, then it is probably doing so with requests too. (When you ping the Windows 7 computer do you get an echo reply or a destination unreachable?) Unless it's dropping ICMP requests and only sending unreachables for replies, then Nmap's usual ICMP pings will be just as effective in this case and also more generally useful. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap 5.21 sends protocol unreachable Derek (Jan 28)
- Re: nmap 5.21 sends protocol unreachable David Fifield (Jan 28)
- RE: nmap 5.21 sends protocol unreachable Derek (Jan 28)
- Re: nmap 5.21 sends protocol unreachable David Fifield (Jan 28)
- RE: nmap 5.21 sends protocol unreachable Derek (Jan 30)
- Re: nmap 5.21 sends protocol unreachable David Fifield (Jan 30)
- RE: nmap 5.21 sends protocol unreachable Derek (Jan 28)
- Re: nmap 5.21 sends protocol unreachable David Fifield (Jan 28)