> As myself;
>
> nmap -sP -PT80 216.162.3.81
>
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-07-21 10:27 EDT
> Host dns1.nmrg.net (216.162.3.81) appears to be up.
> Nmap finished: 1 IP address (1 host up) scanned in 0.580 seconds
>
> As root:
>
> nmap -sP -PT80 216.162.3.81
>
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-07-21 10:28 EDT
> Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
> Nmap finished: 1 IP address (0 hosts up) scanned in 2.066 seconds
>
> Is this an nmap bug or am I missing something?

The short answer is no, nothing's wrong. nmap uses different methods when run as a normal user compared to when run as a root user. The root user methods are usually more robust but, in this case, the "normal" settings are preferable. The following tcpdump produced by your command demonstrates the difference in the nmap packets when your command is run as a normal user vs. root.

normal user:

nmap -sP -PT80 216.162.3.81

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-07-21 11:48 CDT
11:48:47.464415 IP 10.223.1.1.34790 > 216.162.3.81.80: S 1339416838:1339416838(0) win 5840 <mss 1460,sackOK,timestamp 28318373 0,nop,wscale 0>
11:48:47.564912 IP 216.162.3.81.80 > 10.223.1.1.34790: S 2311607302:2311607302(0) ack 1339416839 win 5792 <mss 1460,sackOK,timestamp 83789268 28318373,nop,wscale 0>
11:48:47.565036 IP 10.223.1.1.34790 > 216.162.3.81.80: . ack 1 win 5840 <nop,nop,timestamp 28318383 83789268>
11:48:47.565210 IP 10.223.1.1.34790 > 216.162.3.81.80: R 1:1(0) ack 1 win 5840 <nop,nop,timestamp 28318383 83789268>
Host dns1.nmrg.net (216.162.3.81) appears to be up.
Nmap run completed -- 1 IP address (1 host up) scanned in 0.532 seconds

root user:

nmap -sP -PT80 216.162.3.81

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-07-21 11:48 CDT
11:48:50.771607 IP 10.223.1.1.60054 > 216.162.3.81.80: . ack 4044387230 win 1024
11:48:51.790278 IP 10.223.1.1.60055 > 216.162.3.81.80: . ack 2211476446 win 3072
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.074 seconds

I suggest you simply use

nmap -P0 -p80 216.162.3.81

instead, which seems to accomplish what you want but works for normal or root.

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
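
The two captures in the reply above can be told apart mechanically. The following is an added example, not part of the original thread: a small parser for the old-style tcpdump lines quoted in the reply that reports which probe type was sent to the target and whether the target answered. The function names and the result keys are assumptions made for this illustration; the packet lines are copied from the reply.

```python
import re

# Old-style tcpdump line: "<time> IP <src>.<sport> > <dst>.<dport>: <flags> ..."
LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)"
)

# Packet lines copied from the reply above (normal-user run, then root run).
NORMAL = """
11:48:47.464415 IP 10.223.1.1.34790 > 216.162.3.81.80: S 1339416838:1339416838(0) win 5840 <mss 1460,sackOK,timestamp 28318373 0,nop,wscale 0>
11:48:47.564912 IP 216.162.3.81.80 > 10.223.1.1.34790: S 2311607302:2311607302(0) ack 1339416839 win 5792 <mss 1460,sackOK,timestamp 83789268 28318373,nop,wscale 0>
11:48:47.565036 IP 10.223.1.1.34790 > 216.162.3.81.80: . ack 1 win 5840 <nop,nop,timestamp 28318383 83789268>
11:48:47.565210 IP 10.223.1.1.34790 > 216.162.3.81.80: R 1:1(0) ack 1 win 5840 <nop,nop,timestamp 28318383 83789268>
"""
ROOT = """
11:48:50.771607 IP 10.223.1.1.60054 > 216.162.3.81.80: . ack 4044387230 win 1024
11:48:51.790278 IP 10.223.1.1.60055 > 216.162.3.81.80: . ack 2211476446 win 3072
"""

def parse(capture):
    """Yield (src, dst, flags) for every line that looks like a TCP packet."""
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            src, _sport, dst, _dport, flags = m.groups()
            yield src, dst, flags

def classify(capture, target):
    """Summarise the probes sent to `target` and the replies seen from it."""
    probes = [flags for _src, dst, flags in parse(capture) if dst == target]
    replies = sum(1 for src, _dst, _flags in parse(capture) if src == target)
    if not probes:
        kind = "none"
    elif "S" in probes[0]:
        kind = "syn"    # first packet opens a handshake: connect()-style probe
    elif probes[0] == ".":
        kind = "ack"    # first packet is a bare ACK with no prior handshake
    else:
        kind = "other"
    return {"probe": kind, "sent": len(probes),
            "replies": replies, "host_seen_up": replies > 0}

if __name__ == "__main__":
    for name, capture in (("normal user", NORMAL), ("root", ROOT)):
        print(name, classify(capture, "216.162.3.81"))
```
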
