Re: options -sn not just pinging

[Daniel Miller <bonsaiviking () gmail com>]

Christopher,

This is intended behavior [1]. Nmap is primarily a port scanner. To avoid
port scanning empty/nonresponsive IP addresses, Nmap performs a "host
discovery" sweep that is often called a "ping sweep." The probes that are
chosen are designed to get a fast response from the majority of
IP-connected systems, and include TCP SYN and ACK packets as well as ICMP
Echo Request and Timestamp Request messages. The -sn option is used to skip
('n') the port scan phase ('-s') while still performing the host discovery.
It used to be documented as -sP and called "ping scan" but was renamed
because it's not a separate scan type, but just one part of a normal Nmap
scan.

It is a misconception that "ping" means only ICMP Echo Request. This is the
message sent by the ping utilities in various Unix/Linux and Windows
systems, but the word "ping" does not appear in RFC 792 "Internet Control
Message Protocol." Instead, it describes the behavior of call-and-response,
and is onomatopoeia derived from the sound produced by active sonar.

Dan

[1] https://nmap.org/book/man-host-discovery.html

On Mon, Apr 17, 2017 at 4:17 PM, Christopher C Thornton <
christopher.thornton () dteenergy com> wrote:

> When I run this scan
>
> nmap -sn 192.168.9.0/25
>
>
>
> nmap pings the address range (expected result )
>
> but it also sends syn packets to tcp port 443 on each of the IP’s
>
> And it sends ack packets to port 80
>
>
>
> I noticed this back in pervious versions and thought someone would submit
> a bug fix.
>
> I currently have version 7.40 for windows.
>
> Let me know if you need any more information.
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/