On Fri, Feb 03, 2006 at 10:02:32PM -0500, Melameth, Daniel D. wrote:
> I don't get it--it appears nmap is broken.  Perhaps I'm overlooking
> something obvious, but any thoughts appreciated...
> 
> 
> An nmap scan gives me this:
> 
> $ sudo nmap 208.139.x.x
> 
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-02-03 19:45
> MST
> Note: Host seems down. If it is really up, but blocking our ping probes,
> try -P0
> Nmap finished: 1 IP address (0 hosts up) scanned in 2.109 seconds
> 
> Which I follow up with a:
> 
> $ ping -c 5 208.139.x.x
> PING 208.139.x.x (208.139.x.x): 56 data bytes
> 64 bytes from 208.139.x.x: icmp_seq=0 ttl=239 time=91.979 ms
> 64 bytes from 208.139.x.x: icmp_seq=1 ttl=239 time=84.497 ms
> 64 bytes from 208.139.x.x: icmp_seq=2 ttl=239 time=82.354 ms
> 64 bytes from 208.139.x.x: icmp_seq=3 ttl=239 time=87.825 ms
> 64 bytes from 208.139.x.x: icmp_seq=4 ttl=239 time=85.699 ms
> --- 208.139.x.x ping statistics ---
> 5 packets transmitted, 5 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 82.354/86.470/91.979/3.295 ms
> 
> Running while the above is happening, tcpdumps yield:
> 
> $ sudo tcpdump -nqi pppoe0 src host 208.139.x.x and dst host 209.180.x.x
> tcpdump: listening on pppoe0, link-type PPP_ETHER
> 19:45:49.671358 208.139.x.x > 209.180.x.x: icmp: 0 0
> 19:45:49.674068 208.139.x.x.80 > 209.180.x.x.57989: tcp 0 (DF)
> 19:45:50.683407 208.139.x.x > 209.180.x.x: icmp: 0 0
> 19:45:50.691346 208.139.x.x.80 > 209.180.x.x.57985: tcp 0 (DF)
> 19:46:00.565862 208.139.x.x > 209.180.x.x: icmp: 0 0
> 19:46:01.565834 208.139.x.x > 209.180.x.x: icmp: 0 0
> 19:46:02.573631 208.139.x.x > 209.180.x.x: icmp: 0 0
> 19:46:03.589132 208.139.x.x > 209.180.x.x: icmp: 0 0
> 19:46:04.596986 208.139.x.x > 209.180.x.x: icmp: 0 0
> 
> $ sudo tcpdump -qni pflog0
> tcpdump: WARNING: pflog0: no IPv4 address assigned
> tcpdump: listening on pflog0, link-type PFLOG
> 
> 
> I'm not certain where to look next.
> 
>

This is normal behaviour (at least with the many 3.* versions I have
used). Nmap checks for open ports like HTTP (look at your tcpdump
output) and does not always rely on ICMP. Nothing OpenBSD-specific;
you have that on a Linux box, too.

Tobias 
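
Added example, not part of the original messages: a short Python script that groups the reply lines from the quoted tcpdump capture into bursts and counts them per protocol. It shows that the first burst (19:45:49 to 19:45:50) holds replies from TCP port 80 alongside the ICMP ones, while the later burst is ICMP only. The function names and the 5-second gap threshold are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed from the capture quoted in the thread (addresses are masked there).
CAPTURE = """\
19:45:49.671358 208.139.x.x > 209.180.x.x: icmp: 0 0
19:45:49.674068 208.139.x.x.80 > 209.180.x.x.57989: tcp 0 (DF)
19:45:50.683407 208.139.x.x > 209.180.x.x: icmp: 0 0
19:45:50.691346 208.139.x.x.80 > 209.180.x.x.57985: tcp 0 (DF)
19:46:00.565862 208.139.x.x > 209.180.x.x: icmp: 0 0
19:46:01.565834 208.139.x.x > 209.180.x.x: icmp: 0 0
19:46:02.573631 208.139.x.x > 209.180.x.x: icmp: 0 0
19:46:03.589132 208.139.x.x > 209.180.x.x: icmp: 0 0
19:46:04.596986 208.139.x.x > 209.180.x.x: icmp: 0 0
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+) > (\S+): (icmp|tcp)\b")
PORT = re.compile(r"\.(\d+)$")  # trailing ".port"; only applied to TCP lines

def classify(line):
    """Return (timestamp, label) for one reply line, or None if unparsed."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
    if m.group(4) == "icmp":
        return ts, "icmp"
    port = PORT.search(m.group(2))  # source port of the reply
    return ts, "tcp/" + (port.group(1) if port else "?")

def bursts(text, gap=timedelta(seconds=5)):
    """Group replies into bursts separated by more than `gap` of silence."""
    out, last = [], None
    for rec in filter(None, map(classify, text.splitlines())):
        ts, label = rec
        if last is None or ts - last > gap:
            out.append({})  # start a new burst
        out[-1][label] = out[-1].get(label, 0) + 1
        last = ts
    return out

if __name__ == "__main__":
    for i, b in enumerate(bursts(CAPTURE), 1):
        print(f"burst {i}: {b}")
```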
