Date: Tue, 22 Apr 2008 05:40:05 GMT From: Mark Foster <mark@foster.cc> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/116778: security/nmap ping-scan misses some hosts Message-ID: <200804220540.m3M5e5H2096084@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/116778; it has been noted by GNATS. From: Mark Foster <mark@foster.cc> To: Daniel Roethlisberger <daniel@roe.ch> Cc: bug-followup@FreeBSD.org Subject: Re: ports/116778: security/nmap ping-scan misses some hosts Date: Mon, 21 Apr 2008 22:17:51 -0700 Daniel Roethlisberger wrote: > Mark, would you try to reproduce the problem using the updated > nmap-4.60, please? Please also try whether using --scan-delay 10 (or > 20, or 60) makes a difference. Thanks! > > http://www.freebsd.org/cgi/query-pr.cgi?pr=116778 > > In 4.20 & 4.60 the problem is resolved by using --scan-delay 10. root@monk:~>nmap -sP -n -PE --packet-trace 192.168.1.1-11 Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-21 22:14 PDT SENT (0.0100s) ARP who-has 192.168.1.1 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.2 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.3 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.4 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.5 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.6 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.7 tell 192.168.1.9 SENT (0.0100s) ARP who-has 192.168.1.8 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.1 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.2 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.3 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.4 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.5 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.6 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.7 tell 192.168.1.9 SENT (0.1110s) ARP who-has 192.168.1.8 tell 192.168.1.9 RCVD (0.0100s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48 Host 192.168.1.1 appears to be up. MAC Address: 00:B0:D0:47:76:48 (Dell Computer) Host 192.168.1.9 appears to be up. SENT (0.3770s) ARP who-has 192.168.1.10 tell 192.168.1.9 SENT (0.3770s) ARP who-has 192.168.1.11 tell 192.168.1.9 SENT (0.4780s) ARP who-has 192.168.1.10 tell 192.168.1.9 SENT (0.4790s) ARP who-has 192.168.1.11 tell 192.168.1.9 RCVD (0.3770s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE Host 192.168.1.10 appears to be up. MAC Address: 00:19:DB:4B:AB:CE (Unknown) Nmap finished: 11 IP addresses (3 hosts up) scanned in 0.584 seconds root@monk:~>nmap -sP -n -PE --packet-trace --scan-delay 10 192.168.1.1-11 Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-21 22:14 PDT SENT (0.0200s) ARP who-has 192.168.1.1 tell 192.168.1.9 SENT (0.1210s) ARP who-has 192.168.1.1 tell 192.168.1.9 RCVD (0.0200s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48 SENT (0.2090s) ARP who-has 192.168.1.2 tell 192.168.1.9 SENT (0.3100s) ARP who-has 192.168.1.2 tell 192.168.1.9 SENT (0.4110s) ARP who-has 192.168.1.3 tell 192.168.1.9 RCVD (0.1210s) ARP reply 192.168.1.1 is-at 00:B0:D0:47:76:48 RCVD (0.4110s) ARP reply 192.168.1.3 is-at 00:B0:D0:7E:6C:7E SENT (0.4110s) ARP who-has 192.168.1.4 tell 192.168.1.9 SENT (0.5120s) ARP who-has 192.168.1.4 tell 192.168.1.9 SENT (0.6130s) ARP who-has 192.168.1.5 tell 192.168.1.9 SENT (0.7140s) ARP who-has 192.168.1.5 tell 192.168.1.9 SENT (0.8160s) ARP who-has 192.168.1.6 tell 192.168.1.9 SENT (0.9170s) ARP who-has 192.168.1.6 tell 192.168.1.9 SENT (1.0170s) ARP who-has 192.168.1.7 tell 192.168.1.9 SENT (1.1180s) ARP who-has 192.168.1.7 tell 192.168.1.9 SENT (1.2190s) ARP who-has 192.168.1.8 tell 192.168.1.9 SENT (1.3200s) ARP who-has 192.168.1.8 tell 192.168.1.9 Host 192.168.1.1 appears to be up. MAC Address: 00:B0:D0:47:76:48 (Dell Computer) Host 192.168.1.3 appears to be up. MAC Address: 00:B0:D0:7E:6C:7E (Dell Computer) Host 192.168.1.9 appears to be up. SENT (1.6000s) ARP who-has 192.168.1.10 tell 192.168.1.9 SENT (1.7010s) ARP who-has 192.168.1.10 tell 192.168.1.9 RCVD (1.6000s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE SENT (1.7900s) ARP who-has 192.168.1.11 tell 192.168.1.9 SENT (1.8920s) ARP who-has 192.168.1.11 tell 192.168.1.9 RCVD (1.7010s) ARP reply 192.168.1.10 is-at 00:19:DB:4B:AB:CE RCVD (1.7900s) ARP reply 192.168.1.11 is-at 08:00:20:C9:A6:15 Host 192.168.1.10 appears to be up. MAC Address: 00:19:DB:4B:AB:CE (Unknown) Host 192.168.1.11 appears to be up. MAC Address: 08:00:20:C9:A6:15 (SUN Microsystems) Nmap finished: 11 IP addresses (5 hosts up) scanned in 1.990 seconds
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200804220540.m3M5e5H2096084>