Scanning Your Network with nmap

Comments

strange

Posted by Anonymous

Hi,

I see that nmap 3.00 (32 bit) -sP works and displays correct results compared to nmap 4.12 and 5.00 (64 bit versions).
Newer ones are missing machines during ping.
Anyone knows why?

Didn't work so well for me.

Posted by Anonymous

So I tried nmap -sP 192.168.1.0/24 where -sP is "Ping Scan - go no further than determining if host is online".
Returned 4 results.

compared to:
ping -b 192.168.1.0
which returned 2 results the same, missed 2 of the results returned by nmap -sP and returned 2 that nmap -sP didn't.

Ok so I get not everything is configured to respond to ping on the broadcast address. But if they do respond (and they do) then WTF? Why doesn't nmap know about them? They respond to a direct ping too and they have dns resolving fine.

Also, there are 7 machines up, so one, an Apple OS X laptop, responds to neither nmap -sP nor ping -b but responds to a direct ping on its IP.

The value of the technique you've outlined to work out what boxes are up, reachable and what they are seems pretty limited based on this. Is nmap just buggy or is it just another case of spending hundreds of hours studying like a cracker to achieve the simple result as described? Above results on both current Gentoo and Debian stable.
Cheers,
H.

Just a *bit*

Posted by Shawn Powers

Yeah, nmap is amazingly complex. In fact, I started the video saying I was just showing a "bit of a tool", because it does so much more.

nmap will do stealth scans, which usually don't show up on ping scanner logs, and it will do lots of other neat "tricks" to find info on hosts. Many of the cool things require root access. Check out the manpage for nmap -- it's pretty cool.

-Shawn

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Example still broken.

Posted by Anonymous

Man page still says it's a ping scan.
Machines still respond to ping while being invisible to nmap's ping scan. And I'm still looking at your example.
So am I right in thinking either the docs are broken or nmap is?

A fictional character called "Trinity" used nmap in a rubbish sci-fi movie sequel that probably would have been better off left unmade, maybe that certification makes it "bug free(tm)?" ;)

from nmap -v -sP 192.168.1.0/24
...
Host 192.168.1.40 appears to be down.
...
The next two commands seem to be at odds with nmap.

$ ping 192.168.1.40
PING 192.168.1.40 (192.168.1.40) 56(84) bytes of data.
64 bytes from 192.168.1.40: icmp_seq=1 ttl=64 time=1.74 ms
64 bytes from 192.168.1.40: icmp_seq=2 ttl=64 time=1.70 ms

$ nslookup 192.168.1.40
Server: 192.168.1.102
Address: 192.168.1.102#53

40.1.168.192.in-addr.arpa name = elsinor.mydomain.shh-secret.

This slow bash command:
for ((i=1; i<255; i++)); do if ping -c 1 "192.168.1.$i" >/dev/null 2>&1; then echo "192.168.1.$i WIN"; fi; done
is almost unusably s l o w, but actually works to map the part of the local network that responds to ping.

I'm interested to hear your thoughts on why it doesn't work as advertised. If I'm a 'tard shoot straight! :)

Cheers,
H.
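The post above compares three host-discovery methods by reading their output side by side. As an added example (not code from the page, from Linux Journal or from the nmap project), here is a small Python script that parses nmap -v -sP output in the "Host X appears to be up/down." form shown in the post, and also the "Nmap scan report for ..." form printed by later nmap releases, together with the "WIN" lines echoed by the bash sweep, then reports which addresses each method saw. Every sample output in it is constructed. One caveat worth keeping in mind when reading such a reconciliation: nmap's host discovery does not send the same probe as ping. Without root it uses TCP connect() probes to ports 80 and 443, and with root on a local Ethernet segment it uses ARP requests, so a host that answers ICMP echo but filters those ports can legitimately land in the "ping_only" bucket.

```python
"""Reconcile nmap's ping-scan verdicts with a plain ICMP sweep of the same subnet.

Added example for this thread; it is not code from the page, from Linux Journal
or from the nmap project. All inputs below are constructed sample outputs.
"""
import re

# Constructed sample of `nmap -v -sP 192.168.1.0/24` output in the
# "Host X appears to be up/down." style used by nmap 4.x and 5.00.
NMAP_OUTPUT_OLD = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-01 10:00 EDT
Initiating Ping Scan at 10:00
Host 192.168.1.1 appears to be up.
Host 192.168.1.40 appears to be down.
Host 192.168.1.102 appears to be up.
Host 192.168.1.110 appears to be down.
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.02 seconds
"""

# Constructed sample of the newer "Nmap scan report for ..." style
# (nmap 5.2x and later), with the same hosts and the same verdicts.
NMAP_OUTPUT_NEW = """\
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Nmap scan report for elsinor (192.168.1.40) [host down]
Nmap scan report for 192.168.1.102
Host is up (0.0021s latency).
Nmap scan report for 192.168.1.110 [host down]
"""

# Constructed sample of what the thread's bash sweep echoes: one line per
# host that answered a single ICMP echo request.
PING_SWEEP_OUTPUT = """\
192.168.1.1 WIN
192.168.1.40 WIN
192.168.1.102 WIN
192.168.1.110 WIN
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
_APPEARS_RE = re.compile(r"^Host " + IPV4 + r" appears to be (up|down)\.")
_REPORT_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?" + IPV4 + r"\)?(.*)$")
_STATUS_RE = re.compile(r"^Host is (up|down)")
_SWEEP_RE = re.compile(r"^" + IPV4 + r" WIN$")


def parse_nmap_ping_scan(text):
    """Map each address nmap reported to 'up' or 'down', for both output styles."""
    verdicts = {}
    pending = None  # address from a 'scan report' line awaiting its 'Host is' line
    for line in text.splitlines():
        m = _APPEARS_RE.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
            continue
        m = _REPORT_RE.match(line)
        if m:
            ip, trailer = m.group(1), m.group(2)
            if "[host down]" in trailer:
                verdicts[ip] = "down"
                pending = None
            else:
                pending = ip
            continue
        m = _STATUS_RE.match(line)
        if m and pending:
            verdicts[pending] = m.group(1)
            pending = None
    return verdicts


def parse_ping_sweep(text):
    """Set of addresses the bash sweep reported as answering ICMP echo."""
    return {m.group(1) for m in map(_SWEEP_RE.match, text.splitlines()) if m}


def ip_key(ip):
    """Sort key so that 192.168.1.2 comes before 192.168.1.10."""
    return tuple(int(octet) for octet in ip.split("."))


def reconcile(nmap_text, sweep_text):
    """Split addresses into: seen up by both, by the ICMP sweep only, by nmap only."""
    nmap_up = {ip for ip, v in parse_nmap_ping_scan(nmap_text).items() if v == "up"}
    sweep_up = parse_ping_sweep(sweep_text)
    return {
        "both": sorted(nmap_up & sweep_up, key=ip_key),
        "ping_only": sorted(sweep_up - nmap_up, key=ip_key),
        "nmap_only": sorted(nmap_up - sweep_up, key=ip_key),
    }


if __name__ == "__main__":
    for label, out in (("old style", NMAP_OUTPUT_OLD), ("new style", NMAP_OUTPUT_NEW)):
        print(label, reconcile(out, PING_SWEEP_OUTPUT))
```

To use it on a real network, save the output of nmap -v -sP and of the bash sweep to two files and pass their contents to reconcile(); the "ping_only" list is the set of hosts worth investigating (or adding to an asset inventory) before concluding that either tool is wrong.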

Well I guess it's "cool" to

Posted by Anonymous

Well I guess it's "cool" to post a broken example that you don't understand, or with a cool meter reading so high to ignore it when someone does the work that shows your example to be broken for you, rather than you having to test yourself. Makes me want to subscribe to Linux Journal and I guess that's the aim of the exercise. Do they say awesomely cool stuff like "Read the F%@*#^H^H^Hine manpage" as a substitute for doing the work properly in the magazine articles too? That'd be awesomely "cool" too.

VU meter

Posted by flip

Hi Shawn, I would like to know what is that VU meter on the Gnome panel?

It's not my "cool" meter... it goes too high. :)

Posted by Shawn Powers

That is xvidcap minimized to the taskbar. Normally I capture a virtual machine, but I'm away at camp this week, so I'm using my actual laptop machine. So that's my actual desktop, and you see xvidcap doing its thing.

Nice little bit of a video.

Posted by jah

Nmap 5 is the latest stable version and has been available since July 16, 2009 at http://nmap.org/ .

You probably won't see those NSE errors in the new version which is greatly improved in all areas.