Nmap Development mailing list archives
Re: simple cmd/flags for all icmp scan types?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 6 Jul 2015 07:53:10 -0500
Mike,

On Mon, Jul 6, 2015 at 6:20 AM, Mike . <dmciscobgp () hotmail com> wrote:
> maybe a dumb question here, sorry. just wondering, if i wanted to do an ICMP scan and go through all the various types like mask/time/etc, is there a simple cmd set that will handle this? instead of going through each -PM/etc?
There is not a simple command for this, mostly because only a few of the ICMP parameter values [1] are valid for requests (most are responses to other packets or network situations). You could probably create an NSE script for this fairly easily if you wanted to.
> last question since i am thinking about it. we are not allowed to combine a proto scan along with our others like -SU. why is this? a limitation with the stack or nmap itself?
I'm not aware of a technical reason these couldn't be combined, but the actual reason probably has something to do with output. I commented out that check and tried scanning -sSO, and both scans ran. Unfortunately, the TCP scan results were not output. Here's what I got:

Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up, received reset ttl 52 (0.064s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Scanned at 2015-07-06 12:31:03 UTC for 28s
Not shown: 283 closed protocols, 223 open|filtered protocols
Reason: 223 no-responses and 30 proto-unreaches
PROTOCOL STATE SERVICE REASON
1        open  icmp    proto-unreach ttl 52
6        open  tcp     proto-response ttl 52
132      open  sctp    proto-response ttl 52
Final times for host: srtt: 64220 rttvar: 45746 to: 247204

Note the column header "PROTOCOL" and the fact that the protocol numbers are displayed like "6" instead of like "80/tcp". It is possible that we could overcome these issues, since the XML and Grepable output formats could both tolerate mixed output, and the Normal format is not guaranteed to be anything but human-readable.

I don't think, however, that there's really a demand for this kind of a change. It would be a lot of work and could make Nmap's output harder to understand. I'm willing to hear more from Nmap users, though, if they do want this implemented.

Dan

[1] https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
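
The output difference described in the message above (a "PROTOCOL" table with bare numbers such as "6" versus a port table with entries such as "80/tcp"), as an added example that is not part of the original post or of Nmap's code: a Python parser that reads both table kinds from Normal output and keys each row unambiguously. The protocol rows are those quoted in the message, the port-scan table is constructed, and the names Row, parse_tables and key are hypothetical.

```python
import re
from typing import NamedTuple, Optional
class Row(NamedTuple):
    kind: str                 # "port" (e.g. -sS) or "protocol" (-sO)
    number: int
    transport: Optional[str]  # "tcp"/"udp"/"sctp" for ports, None for IP protocols
    state: str
    service: str
    reason: str
HEADER = re.compile(r"^(PORT|PROTOCOL)\s+STATE\s+SERVICE\b")
ROW = re.compile(r"^(\d+)(?:/(\w+))?\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_tables(text):
    rows, kind = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            kind = "port" if header.group(1) == "PORT" else "protocol"
            continue
        row = ROW.match(line) if kind else None
        if not row:
            kind = None       # any non-row line ends the current table
            continue
        number, transport, state, service, reason = row.groups()
        # Port rows carry "/proto"; IP protocol rows are a bare number.
        if (kind == "port") != (transport is not None):
            raise ValueError(f"row does not fit a {kind} table: {line!r}")
        rows.append(Row(kind, int(number), transport, state, service, reason.strip()))
    return rows

def key(row):  # unambiguous identifier: IP protocol 6 is never read as port 6
    return f"{row.transport}:{row.number}" if row.kind == "port" else f"ipproto:{row.number}"

# Protocol rows as quoted in the message above.
PROTOCOL_SCAN = """\
PROTOCOL STATE SERVICE REASON
1        open  icmp    proto-unreach ttl 52
6        open  tcp     proto-response ttl 52
132      open  sctp    proto-response ttl 52
Final times for host: srtt: 64220 rttvar: 45746 to: 247204
"""
# Constructed port-scan table for comparison (not from the message).
PORT_SCAN = """\
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack ttl 52
"""
if __name__ == "__main__":
    for r in parse_tables(PROTOCOL_SCAN + PORT_SCAN):
        print(key(r), r.state, r.service, r.reason)
```

A consumer that assumes every first column looks like "80/tcp" would misread or reject the protocol rows; here a row that does not fit its table header raises ValueError instead of being silently accepted.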