Re: nmap 5.21 sends protocol unreachable

[David Fifield <david () bamsoftware com>]

On Sat, Jan 30, 2010 at 07:04:54PM -0500, Derek wrote:
> I think you are misunderstanding what I said, when I run Nmap with the
> following commands
> Nmap -sP -PE scanme.nmap.org on my Windows 7 PC, Windows sends an ICMP Protocol
> Unreachable back to scanme.nmap.org.
> Issuing the same command on my Windows XP PC, Windows does not send packet back
> after getting the reply.
> Using the windows ping utility from both the 7 and XP machines to
> scanme.nmap.org, both receive the replies and do not send anything back to
> scanme.nmap.org as expected. To answer your question, when I ping the 7 machine
> using the XP machine with the windows ping utility, the XP only receives echo
> replies. And when I ping XP from 7, again using the windows ping command,
> windows 7 gets replies as expected. So my question is, is it possible to send
> ICMP reply packets to the target machine for example, scanme.nmap.org using
> some other network tool or to code this ability into Nmap itself?

It would be possible to build the capability to send unsolicited ICMP
*replies* into Nmap, and there are probably tools that can be made to do
it, but why? Do you mean to use it as a form of host discovery, as
Windows 7 appears to respond to unsolicted replies? It doesn't seem
worth it, because normal ICMP requests are going to be effective against
many more operating systems. I'm pretty sure scanme.nmap.org is going to
ignore them.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/