Nmap Development mailing list archives

RE: nmap 5.21 sends protocol unreachable


From: Derek <depierjack () msn com>
Date: Sat, 30 Jan 2010 19:04:54 -0500


I think you are misunderstanding what I said. When I run Nmap with the following command,
Nmap -sP -PE scanme.nmap.org, on my Windows 7 PC, Windows sends an ICMP Protocol Unreachable back to scanme.nmap.org.
Issuing the same command on my Windows XP PC, Windows does not send a packet back after getting the reply.
Using the Windows ping utility from both the 7 and XP machines to scanme.nmap.org, both receive the replies and do not
send anything back to scanme.nmap.org, as expected. To answer your question, when I ping the 7 machine using the XP
machine with the Windows ping utility, the XP only receives echo replies. And when I ping XP from 7, again using the
Windows ping command, Windows 7 gets replies as expected. So my question is: is it possible to send ICMP reply packets
to the target machine, for example scanme.nmap.org, using some other network tool, or to code this ability into Nmap
itself?

Derek
 
Date: Thu, 28 Jan 2010 20:38:49 -0700
From: david () bamsoftware com
To: depierjack () msn com
CC: nmap-dev () insecure org
Subject: Re: nmap 5.21 sends protocol unreachable

On Thu, Jan 28, 2010 at 07:38:50PM -0500, Derek wrote:

> I was actually thinking earlier today that maybe it was Windows sending
> the packet because it is not expecting the reply, so I then tried it on
> a Windows XP machine to see if it was a Windows thing. It seems to be a
> Windows 7 specific feature, because the Windows XP PC did NOT send an
> ICMP Protocol Unreachable message, in fact it didn't send any packet at
> all after receiving the unexpected reply. So with that being said, is
> it possible to forge echo, timestamp, or address mask replies to check
> for live hosts, not with nmap I know, but with some other network tool?
> If not, how difficult would it be to code such a feature into nmap or
> just as a stand alone program?

If Windows is responding with destination unreachables to
echo/timestamp/mask replies, then it is probably doing so with requests
too. (When you ping the Windows 7 computer do you get an echo reply or a
destination unreachable?) Unless it's dropping ICMP requests and only
sending unreachables for replies, then Nmap's usual ICMP pings will be
just as effective in this case and also more generally useful.

David Fifield
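
To confirm from a capture which packet triggered an unreachable like the one discussed in this thread, the datagram quoted inside the ICMP error can be decoded. This is an added example, not code from the thread's participants or from Nmap; the function names and the sample packet (documentation addresses 192.0.2.10 and 198.51.100.5) are constructed for illustration.

```python
import struct

# ICMP query/reply types behind Nmap's echo, timestamp and address mask pings.
ICMP_TYPES = {0: "echo reply", 8: "echo request", 13: "timestamp request",
              14: "timestamp reply", 17: "address mask request", 18: "address mask reply"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid message sums to 0 with its checksum included."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def explain_protocol_unreachable(icmp: bytes):
    """Describe the datagram quoted in an ICMP type 3 code 2 message, else return None."""
    if len(icmp) < 8 or (icmp[0], icmp[1]) != (3, 2) or checksum(icmp) != 0:
        return None
    quoted = icmp[8:]                      # offending IP header + first 8 payload bytes
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    ihl = (quoted[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(quoted) < ihl + 8:
        return None
    info = {"src": ".".join(map(str, quoted[12:16])),
            "dst": ".".join(map(str, quoted[16:20])),
            "protocol": quoted[9]}
    if quoted[9] == 1:                     # the quoted datagram was itself ICMP
        info["trigger"] = ICMP_TYPES.get(quoted[ihl], f"type {quoted[ihl]}")
        info["id"], info["seq"] = struct.unpack("!HH", quoted[ihl + 4:ihl + 8])
    return info

def build_sample() -> bytes:
    """Constructed capture: echo reply 192.0.2.10 -> 198.51.100.5 quoted in the error."""
    reply = struct.pack("!BBHHH", 0, 0, 0, 0x1234, 1)
    reply = reply[:2] + struct.pack("!H", checksum(reply)) + reply[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    body = struct.pack("!BBHI", 3, 2, 0, 0) + ip + reply
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    print(explain_protocol_unreachable(build_sample()))
```

Feed the function the ICMP portion of a captured packet (bytes after the outer IP header); the `trigger` field shows whether the unreachable was generated for a reply or for a request.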
                                          