On Jun 23, 2008, at 3:21 PM, Roman Medina-Heigl Hernandez wrote: > I'm trying to scan a host with the default policy. The host is alive > and > responding to pings. I got no results when scanning with Nessus 3.2.0 > (Windows). Looking at scan.log (in he "logs" dir), I can see a > "remote host > is dead". But my question is why? If I run nmap against the host, I > can see > unprivileged ports open (>1024) and of course it's responding to > ping. I > also entered 1-65535 in "port scanner range".
Hi Roman. Is the remote host a printer or some type of multifunction device? By default, Nessus will try to identify hosts that are and mark them as dead because many such devices don't react very well to scanning, even a basic port scan. If so, you can edit the scan policy and check "Scan Network Printers" (look on the "Advanced" tab, under "Do not scan fragile devices"). Also, Nessus doesn't use ICMP pings by default but instead sends TCP pings to a limited number of ports. You could either choose to do an ICMP ping or make sure that one of the TCP ports you know to be open is included in the list of TCP ports to be pinged (look under the "Advanced" tab, under "Ping the remote host", "TCP ping destination port(s)"). Or you can disable the Ping port scan altogether. > Another question, how could I debug this? If I enable the option to > "save a > packet capture of the scan", I couldn't find any new log on logs dir > (where > should it be placed?) Unfortunately, Nessus Windows does not have support for saving packet captures. I suppose the alternate approach would be to use Wireshark alongside Nessus to see what's being sent and what's coming back. If my comments above don't help, that is. Hope this helps, George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
