ports/116778: security/nmap ping-scan misses some hosts

Mark Foster mark at foster.cc
Tue Apr 22 05:40:06 UTC 2008 

The following reply was made to PR ports/116778; it has been noted by GNATS.

From: Mark Foster <mark at foster.cc>
To: Daniel Roethlisberger <daniel at roe.ch>
Cc: bug-followup at FreeBSD.org
Subject: Re: ports/116778: security/nmap ping-scan misses some hosts
Date: Mon, 21 Apr 2008 22:17:51 -0700

 Daniel Roethlisberger wrote:
 > Mark, would you try to reproduce the problem using the updated
 > nmap-4.60, please?  Please also try whether using --scan-delay 10 (or
 > 20, or 60) makes a difference.  Thanks!
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=116778
 >
 >   
 In 4.20 & 4.60 the problem is resolved by using --scan-delay 10.
 root at monk:~>nmap -sP -n -PE --packet-trace 192.168.1.1-11
 
 Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-21 22:14 PDT
 SENT (0.0100s) ARP who-has 192.168.1.1 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.2 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.3 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.4 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.5 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.6 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.7 tell 192.168.1.9
 SENT (0.0100s) ARP who-has 192.168.1.8 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.1 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.2 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.3 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.4 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.5 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.6 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.7 tell 192.168.1.9
 SENT (0.1110s) ARP who-has 192.168.1.8 tell 192.168.1.9
 RCVD (0.0100s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48
 Host 192.168.1.1 appears to be up.
 MAC Address: 00:B0:D0:47:76:48 (Dell Computer)
 Host 192.168.1.9 appears to be up.
 SENT (0.3770s) ARP who-has 192.168.1.10 tell 192.168.1.9
 SENT (0.3770s) ARP who-has 192.168.1.11 tell 192.168.1.9
 SENT (0.4780s) ARP who-has 192.168.1.10 tell 192.168.1.9
 SENT (0.4790s) ARP who-has 192.168.1.11 tell 192.168.1.9
 RCVD (0.3770s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE
 Host 192.168.1.10 appears to be up.
 MAC Address: 00:19:DB:4B:AB:CE (Unknown)
 Nmap finished: 11 IP addresses (3 hosts up) scanned in 0.584 seconds
 
 root at monk:~>nmap -sP -n -PE --packet-trace --scan-delay 10 192.168.1.1-11
 
 Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-21 22:14 PDT
 SENT (0.0200s) ARP who-has 192.168.1.1 tell 192.168.1.9
 SENT (0.1210s) ARP who-has 192.168.1.1 tell 192.168.1.9
 RCVD (0.0200s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48
 SENT (0.2090s) ARP who-has 192.168.1.2 tell 192.168.1.9
 SENT (0.3100s) ARP who-has 192.168.1.2 tell 192.168.1.9
 SENT (0.4110s) ARP who-has 192.168.1.3 tell 192.168.1.9
 RCVD (0.1210s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48
 RCVD (0.4110s) ARP reply 192.168.1.3 is-at 00:B0:D0:7E:6C:7E
 SENT (0.4110s) ARP who-has 192.168.1.4 tell 192.168.1.9
 SENT (0.5120s) ARP who-has 192.168.1.4 tell 192.168.1.9
 SENT (0.6130s) ARP who-has 192.168.1.5 tell 192.168.1.9
 SENT (0.7140s) ARP who-has 192.168.1.5 tell 192.168.1.9
 SENT (0.8160s) ARP who-has 192.168.1.6 tell 192.168.1.9
 SENT (0.9170s) ARP who-has 192.168.1.6 tell 192.168.1.9
 SENT (1.0170s) ARP who-has 192.168.1.7 tell 192.168.1.9
 SENT (1.1180s) ARP who-has 192.168.1.7 tell 192.168.1.9
 SENT (1.2190s) ARP who-has 192.168.1.8 tell 192.168.1.9
 SENT (1.3200s) ARP who-has 192.168.1.8 tell 192.168.1.9
 Host 192.168.1.1 appears to be up.
 MAC Address: 00:B0:D0:47:76:48 (Dell Computer)
 Host 192.168.1.3 appears to be up.
 MAC Address: 00:B0:D0:7E:6C:7E (Dell Computer)
 Host 192.168.1.9 appears to be up.
 SENT (1.6000s) ARP who-has 192.168.1.10 tell 192.168.1.9
 SENT (1.7010s) ARP who-has 192.168.1.10 tell 192.168.1.9
 RCVD (1.6000s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE
 SENT (1.7900s) ARP who-has 192.168.1.11 tell 192.168.1.9
 SENT (1.8920s) ARP who-has 192.168.1.11 tell 192.168.1.9
 RCVD (1.7010s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE
 RCVD (1.7900s) ARP reply 192.168.1.11 is-at 08:00:20:C9:A6:15
 Host 192.168.1.10 appears to be up.
 MAC Address: 00:19:DB:4B:AB:CE (Unknown)
 Host 192.168.1.11 appears to be up.
 MAC Address: 08:00:20:C9:A6:15 (SUN Microsystems)
 Nmap finished: 11 IP addresses (5 hosts up) scanned in 1.990 seconds

More information about the freebsd-ports-bugs mailing list