ports/116778: nmap ping-scan misses some hosts

Mark D. Foster mark at foster.cc
Mon Oct 1 05:30:03 UTC 2007 

>Number:         116778
>Category:       ports
>Synopsis:       nmap ping-scan misses some hosts
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 01 05:30:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        FreeBSD 5.5-RELEASE-p15 i386
>Organization:
>Environment:
System: FreeBSD franco.foster.dmz 5.5-RELEASE-p15 FreeBSD
5.5-RELEASE-p15 #23: Thu Aug 2 02:47:53 PDT 2007
root at franco.foster.dmz:/usr/obj/usr/src/sys/FRANCO1 i386

FreeBSD sonar.foster.dmz 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #2: Fri
Jul 13 02:58:24 PDT 2007
root at sonar.foster.dmz:/usr/obj/usr/src/sys/GENERIC  sparc64

	
>Description:
Using nmap to ping-scan a network range gives inconsistent results.
Certain hosts that are definitely UP are recognized as down when using a
"range". This seems to be specific to FreeBSD
as the same version of nmap (4.20) on a linux box correctly sees the
hosts as UP.

>How-To-Repeat:
Hosts 192.168.1.1, .2 and .3 are all UP.

nmap -sP -PE 192.168.1.1-3
Result on FreeBSD: (flavors seen above)
Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-30 22:10 PDT
Host HORTON.foster.dmz (192.168.1.2) appears to be up.
MAC Address: 00:B0:D0:47:76:48 (Dell Computer)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.887 seconds

Result on Linux:

Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-30 22:12 PDT
Host gw.foster.dmz (192.168.1.1) appears to be up.
MAC Address: 00:0F:B5:1F:89:D2 (Netgear)
Host HORTON.foster.dmz (192.168.1.2) appears to be up.
MAC Address: 00:B0:D0:47:76:48 (Dell Computer)
Host franco.foster.dmz (192.168.1.3) appears to be up.
MAC Address: 00:B0:D0:7E:6C:7E (Dell Computer)
Nmap finished: 3 IP addresses (3 hosts up) scanned in 0.203 seconds

The 192.168.1.1 host is not seen be FreeBSD. Same holds true for another
host 192.168.1.11. Also, if I run nmap -sP -PE 192.168.1.1 on FreeBSD it
DOES see the host as UP which is correct.
/tmp root at franco>nmap -sP -PE 192.168.1.1

Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-30 22:20 PDT
Host gw.foster.dmz (192.168.1.1) appears to be up.
MAC Address: 00:0F:B5:1F:89:D2 (Netgear)
Nmap finished: 1 IP address (1 host up) scanned in 0.435 seconds

>Fix:
Unknown, but I am happy to offer tcpdump or ktrace or any other output
if it helps.

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list