ports/116778: security/nmap ping-scan misses some hosts
Mark Foster
mark at foster.cc
Tue Apr 22 05:40:06 UTC 2008
The following reply was made to PR ports/116778; it has been noted by GNATS.
From: Mark Foster <mark at foster.cc>
To: Daniel Roethlisberger <daniel at roe.ch>
Cc: bug-followup at FreeBSD.org
Subject: Re: ports/116778: security/nmap ping-scan misses some hosts
Date: Mon, 21 Apr 2008 22:17:51 -0700
Daniel Roethlisberger wrote:
> Mark, would you try to reproduce the problem using the updated
> nmap-4.60, please? Please also try whether using --scan-delay 10 (or
> 20, or 60) makes a difference. Thanks!
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=116778
>
>
In 4.20 & 4.60 the problem is resolved by using --scan-delay 10.
root at monk:~>nmap -sP -n -PE --packet-trace 192.168.1.1-11
Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-21 22:14 PDT
SENT (0.0100s) ARP who-has 192.168.1.1 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.2 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.3 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.4 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.5 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.6 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.7 tell 192.168.1.9
SENT (0.0100s) ARP who-has 192.168.1.8 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.1 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.2 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.3 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.4 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.5 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.6 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.7 tell 192.168.1.9
SENT (0.1110s) ARP who-has 192.168.1.8 tell 192.168.1.9
RCVD (0.0100s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48
Host 192.168.1.1 appears to be up.
MAC Address: 00:B0:D0:47:76:48 (Dell Computer)
Host 192.168.1.9 appears to be up.
SENT (0.3770s) ARP who-has 192.168.1.10 tell 192.168.1.9
SENT (0.3770s) ARP who-has 192.168.1.11 tell 192.168.1.9
SENT (0.4780s) ARP who-has 192.168.1.10 tell 192.168.1.9
SENT (0.4790s) ARP who-has 192.168.1.11 tell 192.168.1.9
RCVD (0.3770s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE
Host 192.168.1.10 appears to be up.
MAC Address: 00:19:DB:4B:AB:CE (Unknown)
Nmap finished: 11 IP addresses (3 hosts up) scanned in 0.584 seconds
root at monk:~>nmap -sP -n -PE --packet-trace --scan-delay 10 192.168.1.1-11
Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-21 22:14 PDT
SENT (0.0200s) ARP who-has 192.168.1.1 tell 192.168.1.9
SENT (0.1210s) ARP who-has 192.168.1.1 tell 192.168.1.9
RCVD (0.0200s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48
SENT (0.2090s) ARP who-has 192.168.1.2 tell 192.168.1.9
SENT (0.3100s) ARP who-has 192.168.1.2 tell 192.168.1.9
SENT (0.4110s) ARP who-has 192.168.1.3 tell 192.168.1.9
RCVD (0.1210s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48
RCVD (0.4110s) ARP reply 192.168.1.3 is-at 00:B0:D0:7E:6C:7E
SENT (0.4110s) ARP who-has 192.168.1.4 tell 192.168.1.9
SENT (0.5120s) ARP who-has 192.168.1.4 tell 192.168.1.9
SENT (0.6130s) ARP who-has 192.168.1.5 tell 192.168.1.9
SENT (0.7140s) ARP who-has 192.168.1.5 tell 192.168.1.9
SENT (0.8160s) ARP who-has 192.168.1.6 tell 192.168.1.9
SENT (0.9170s) ARP who-has 192.168.1.6 tell 192.168.1.9
SENT (1.0170s) ARP who-has 192.168.1.7 tell 192.168.1.9
SENT (1.1180s) ARP who-has 192.168.1.7 tell 192.168.1.9
SENT (1.2190s) ARP who-has 192.168.1.8 tell 192.168.1.9
SENT (1.3200s) ARP who-has 192.168.1.8 tell 192.168.1.9
Host 192.168.1.1 appears to be up.
MAC Address: 00:B0:D0:47:76:48 (Dell Computer)
Host 192.168.1.3 appears to be up.
MAC Address: 00:B0:D0:7E:6C:7E (Dell Computer)
Host 192.168.1.9 appears to be up.
SENT (1.6000s) ARP who-has 192.168.1.10 tell 192.168.1.9
SENT (1.7010s) ARP who-has 192.168.1.10 tell 192.168.1.9
RCVD (1.6000s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE
SENT (1.7900s) ARP who-has 192.168.1.11 tell 192.168.1.9
SENT (1.8920s) ARP who-has 192.168.1.11 tell 192.168.1.9
RCVD (1.7010s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE
RCVD (1.7900s) ARP reply 192.168.1.11 is-at 08:00:20:C9:A6:15
Host 192.168.1.10 appears to be up.
MAC Address: 00:19:DB:4B:AB:CE (Unknown)
Host 192.168.1.11 appears to be up.
MAC Address: 08:00:20:C9:A6:15 (SUN Microsystems)
Nmap finished: 11 IP addresses (5 hosts up) scanned in 1.990 seconds
More information about the freebsd-ports-bugs
mailing list