Nmap Development mailing list archives

Re: simple cmd/flags for all icmp scan types?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 6 Jul 2015 07:53:10 -0500

Mike,

On Mon, Jul 6, 2015 at 6:20 AM, Mike . <dmciscobgp () hotmail com> wrote:

> Maybe a dumb question here, sorry. Just wondering, if I wanted to do an
> ICMP scan and go through all the various types like mask/time/etc, is there
> a simple cmd set that will handle this? Instead of going through each
> -PM/etc?


There is not a simple command for this, mostly because only a few of the
ICMP parameter values [1] are valid for requests (most are responses to
other packets or network situations). You could probably create an NSE
script for this fairly easily if you wanted to.


> Last question since I am thinking about it. We are not allowed to combine
> a proto scan along with our others like -SU. Why is this? A limitation with
> the stack or nmap itself?


I'm not aware of a technical reason these couldn't be combined, but the
actual reason probably has something to do with output. I commented out
that check and tried scanning -sSO, and both scans ran. Unfortunately, the
TCP scan results were not output. Here's what I got:

Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up, received reset ttl 52 (0.064s latency).
Other addresses for scanme.nmap.org (not scanned):
2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Scanned at 2015-07-06 12:31:03 UTC for 28s
Not shown: 283 closed protocols, 223 open|filtered protocols
Reason: 223 no-responses and 30 proto-unreaches
PROTOCOL STATE SERVICE REASON
1        open  icmp    proto-unreach ttl 52
6        open  tcp     proto-response ttl 52
132      open  sctp    proto-response ttl 52
Final times for host: srtt: 64220 rttvar: 45746  to: 247204

Note the column header "PROTOCOL" and the fact that the protocol numbers
are displayed like "6" instead of like "80/tcp". It is possible that we
could overcome these issues, since the XML and Grepable output formats
could both tolerate mixed output, and the Normal format is not guaranteed
to be anything but human-readable.

I don't think, however, that there's really a demand for this kind of a
change. It would be a lot of work and could make Nmap's output harder to
understand. I'm willing to hear more from Nmap users, though, if they do
want this implemented.

Dan

[1] https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
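As an added illustration of Dan's point about the IANA registry (this is not code from the thread and not an NSE script, just a standalone Python sketch): only four ICMPv4 types are unsolicited requests, each answered by a fixed reply type, which is what any "try every ICMP type" tool reduces to. The probe() helper needs raw-socket privileges; the identifier 0x1234 and the host passed to it are assumptions.

```python
import socket
import struct

# ICMPv4 types that are valid as unsolicited requests, mapped to the reply type
# they elicit. Nmap exposes 8/13/17 as -PE, -PP and -PM; 15 is deprecated.
REQUEST_TYPES = {
    8: ("echo request", 0),
    13: ("timestamp request", 14),
    15: ("information request", 16),
    17: ("address mask request", 18),
}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_request(icmp_type: int, ident: int = 0x1234, seq: int = 1) -> bytes:
    """Build one ICMP request message (no IP header); ident 0x1234 is assumed."""
    if icmp_type not in REQUEST_TYPES:
        raise ValueError("ICMP type %d is not a request type" % icmp_type)
    if icmp_type == 13:
        body = struct.pack("!III", 0, 0, 0)   # originate/receive/transmit stamps
    elif icmp_type == 17:
        body = b"\x00\x00\x00\x00"            # mask field, filled in by responder
    else:
        body = b""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + body)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + body

def classify_reply(packet: bytes, ident: int = 0x1234) -> str:
    """Say which request an ICMP message (IP header already stripped) answers."""
    if len(packet) < 8:
        return "truncated"
    if icmp_checksum(packet) != 0:
        return "bad checksum"
    rtype, _code, _csum, rid, _seq = struct.unpack("!BBHHH", packet[:8])
    replies = {exp: name for name, exp in REQUEST_TYPES.values()}
    if rtype not in replies:
        return "type %d is not a reply to any request type" % rtype
    if rid != ident:
        return "reply to someone else's probe"
    return "reply to " + replies[rtype]

def probe(host: str, icmp_type: int, timeout: float = 1.0) -> str:
    """Send one request and classify the first reply; needs raw-socket privileges."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        s.settimeout(timeout)
        s.sendto(build_request(icmp_type), (host, 0))
        try:
            data, _ = s.recvfrom(1024)
        except socket.timeout:
            return "no-response"
    ihl = (data[0] & 0x0F) * 4           # strip the IPv4 header a raw socket returns
    return classify_reply(data[ihl:])
```

Looping probe() over REQUEST_TYPES gives the per-type result Mike asked about; a type 3 "protocol unreachable" coming back, as in the -sO output above, is reported as not being a reply to any request.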
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/