I want to do host discovery (and no scanning at all) using nmap's -sP option. Now, the nmap reference manual says:
Quote:
The -sP option sends an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default.
In other words, it 'knocks' on some ports in case it can't get an echo reply. However, when I try to run an nmap ping sweep on a custom port (say telnet), I get:
Code:
nmap -sP -p 25 192.168.100.2-254
Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-09 17:32 PDT
You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan
QUITTING!
Am I missing something here? Since -sP sends TCP packets, shouldn't it be possible to customize which ports to use?