-PB This is the default ping type. It uses both the ACK
(-PT) and ICMP (-PI) sweeps in parallel. This way you
can get through firewalls that filter either one (but not both).
-O This option activates remote host identification via
TCP/IP fingerprinting. In other words, it uses several
techniques to detect subtleties in the underlying
operating system network stack of the computers you
are scanning. It uses this information to create a
fingerprint, which it compares with its database of
known OS fingerprints (the nmap-os-fingerprints file) to
decide what type of system you are scanning. If you find
a machine that is misdiagnosed and that has at least one
port open, it would be useful if you mail me the details
(i.e., OS blah version foo was detected as OS blah version
bar). If you find a machine with at least one port open
for which nmap says "unknown operating system," then
it would be useful if you send me the IP address along
with the OS name and version number. If you cannot
send the IP address, the next best thing is to run nmap
with the -d option and send me the three fingerprints
that should result along with the OS name and version
number. By doing this you contribute to the pool of
operating systems known to nmap.
-I This turns on TCP reverse ident scanning. As noted by
Dave Goldsmith in a 1996 Bugtraq post, the ident
protocol (RFC 1413) allows for the disclosure of the
username that owns any process connected via TCP,
even if that process did not initiate the connection.
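The disclosure described above can be checked on your own hosts by reading what the ident daemon actually answers. The following is an added example, not part of nmap or the original page: a parser for RFC 1413 reply lines that reports which replies give away an account name. The function names, the sample replies, and the treatment of an OTHER operating-system field as an opaque token are assumptions made for illustration.

```python
import re

# Reply grammar from RFC 1413:
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR  : <error-type>
PORT_PAIR = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def parse_ident_reply(line):
    """Parse one ident reply line into a dict; raise ValueError if malformed."""
    # The user ID may itself contain ':', so split at most three times.
    fields = line.rstrip("\r\n").split(":", 3)
    if len(fields) < 3:
        raise ValueError("too few fields")
    ports = PORT_PAIR.match(fields[0])
    if not ports or not all(1 <= int(p) <= 65535 for p in ports.groups()):
        raise ValueError("bad port pair")
    reply = {"server_port": int(ports.group(1)),
             "client_port": int(ports.group(2)),
             "kind": fields[1].strip().upper()}
    if reply["kind"] == "ERROR":
        reply["error"] = ":".join(fields[2:]).strip().upper()
    elif reply["kind"] == "USERID" and len(fields) == 4:
        reply["opsys"] = fields[2].split(",")[0].strip().upper()
        # Simplification: leading blanks are dropped from the user ID.
        reply["user"] = fields[3].lstrip(" \t")
    else:
        raise ValueError("unknown reply type")
    return reply

def discloses_account(reply):
    """True when the reply gives the remote peer a readable account name.
    Assumption: an opsys of OTHER means the ID is an opaque token."""
    return (reply["kind"] == "USERID" and reply["opsys"] != "OTHER"
            and reply["user"] != "")

# Constructed sample replies (not captured from any real host).
SAMPLES = [
    "6193, 23 : USERID : UNIX : stjohns\r\n",
    "80, 40123 : USERID : UNIX , US-ASCII : www:data\r\n",
    "80, 40124 : USERID : OTHER : 3f9a0c77e1\r\n",
    "22, 40125 : ERROR : HIDDEN-USER\r\n",
]

def audit(lines):
    """Return (server_port, user) for every reply that leaks an account name."""
    parsed = (parse_ident_reply(l) for l in lines)
    return [(r["server_port"], r["user"]) for r in parsed if discloses_account(r)]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A daemon that answers only with HIDDEN-USER errors or opaque tokens produces an empty list here.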