Switch to -sn and -Pn as the new preferred synonyms for -sP and -P0.

This establishes a more regular syntax for some options that disable
phases of a scan:
	-n  no reverse DNS
	-Pn no host discovery
	-sn no port scan
Also, the -sP was possibly misleading because the 'P' suggests "ping
scan," when you can now do more than just pinging when you disable port
scanning. For example, -sC -sn and -sn -Pn --traceroute make sense.

NmapOps.cc

@@ -362,15 +362,15 @@ dialog where you can start NPF if you have administrator privileges.";
     if (isr00t && af() == AF_INET)
       synscan++;
     else connectscan++;
-    //    if (verbose) error("No TCP, UDP, SCTP or ICMP scantype specified, assuming %s scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).", synscan? "SYN Stealth" : "vanilla tcp connect()");
+    //    if (verbose) error("No TCP, UDP, SCTP or ICMP scantype specified, assuming %s scan. Use -sn if you really don't want to portscan (and just want to see what hosts are up).", synscan? "SYN Stealth" : "vanilla tcp connect()");
   }
 
   if (pingtype != PINGTYPE_NONE && spoofsource) {
-    error("WARNING:  If -S is being used to fake your source address, you may also have to use -e <interface> and -PN .  If you are using it to specify your real source address, you can ignore this warning.");
+    error("WARNING:  If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn .  If you are using it to specify your real source address, you can ignore this warning.");
   }
 
   if (pingtype != PINGTYPE_NONE && idlescan) {
-    error("WARNING: Many people use -PN w/Idlescan to prevent pings from their true IP.  On the other hand, timing info Nmap gains from pings can allow for faster, more reliable scans.");
+    error("WARNING: Many people use -Pn w/Idlescan to prevent pings from their true IP.  On the other hand, timing info Nmap gains from pings can allow for faster, more reliable scans.");
     sleep(2); /* Give ppl a chance for ^C :) */
   }
 
@@ -399,7 +399,7 @@ dialog where you can start NPF if you have administrator privileges.";
  }
 
  if (noportscan && (TCPScan() || UDPScan() || SCTPScan() || ipprotscan)) {
-   fatal("-sL and -sP (skip port scan) are not valid with any other scan types");
+   fatal("-sL and -sn (skip port scan) are not valid with any other scan types");
  }
 
  if (af() == AF_INET6 && (pingtype & (PINGTYPE_ICMP_PING|PINGTYPE_ICMP_MASK|PINGTYPE_ICMP_TS))) {
@@ -439,7 +439,7 @@ dialog where you can start NPF if you have administrator privileges.";
   }
   
   if (bouncescan && pingtype != PINGTYPE_NONE) 
-    log_write(LOG_STDOUT, "Hint: if your bounce scan target hosts aren't reachable from here, remember to use -PN so we don't try and ping them prior to the scan\n");
+    log_write(LOG_STDOUT, "Hint: if your bounce scan target hosts aren't reachable from here, remember to use -Pn so we don't try and ping them prior to the scan\n");
   
   if (ackscan+bouncescan+connectscan+finscan+idlescan+maimonscan+nullscan+synscan+windowscan+xmasscan > 1)
     fatal("You specified more than one type of TCP scan.  Please choose only one of -sA, -b, -sT, -sF, -sI, -sM, -sN, -sS, -sW, and -sX");
@@ -464,7 +464,7 @@ dialog where you can start NPF if you have administrator privileges.";
 #endif
   
   if (osscan && noportscan) {
-    fatal("WARNING:  OS Scan is unreliable without a port scan.  You need to use a scan type along with it, such as -sS, -sT, -sF, etc instead of -sP");
+    fatal("WARNING:  OS Scan is unreliable without a port scan.  You need to use a scan type along with it, such as -sS, -sT, -sF, etc instead of -sn");
   }
 
   if (osscan && ipprotscan) {
@@ -500,7 +500,7 @@ dialog where you can start NPF if you have administrator privileges.";
   }
   
   if (af() == AF_INET6 && (generate_random_ips|numdecoys|osscan|bouncescan|fragscan|ackscan|finscan|idlescan|ipprotscan|maimonscan|nullscan|synscan|udpscan|windowscan|xmasscan|sctpinitscan|sctpcookieechoscan)) {
-    fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sP), and list scan (-sL).  OS detection, random targets and decoys are also not supported with IPv6.  Further support is under consideration.");
+    fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sn), and list scan (-sL).  OS detection, random targets and decoys are also not supported with IPv6.  Further support is under consideration.");
   }
 
   /* Prevent performance values from getting out of whack */

docs/nmap-install.xml

@@ -710,13 +710,13 @@ quite as efficient as on Unix.  Here are the known limitations:
 interface</primary></indexterm> IP such as 127.0.0.1 or any of its
 registered IP addresses).  This is a Windows limitation that we
 haven't yet worked around.  If you really want to do this, use a TCP
-connect scan without pinging (<option>-sT -PN</option>) as that uses
+connect scan without pinging (<option>-sT -Pn</option>) as that uses
 the high level socket API rather than sending raw
 packets.</para></listitem>
 
 <listitem><para>Nmap only supports ethernet interfaces (including most
 802.11 wireless cards and many VPN clients) for raw packet scans.
-Unless you use the <option>-sT -PN</option> options, RAS connections
+Unless you use the <option>-sT -Pn</option> options, RAS connections
 (such as PPP dialups) and certain VPN clients are not supported.  This
 support was dropped when Microsoft removed raw TCP/IP socket support
 in Windows XP SP2.  Now Nmap must send lower-level ethernet frames

docs/refguide.xml

@@ -325,7 +325,7 @@ you would expect.</para>
     the simple ICMP echo request packets associated with the
     ubiquitous <application>ping</application> tool. Users can skip
     the ping step entirely with a list scan (<option>-sL</option>) or
-    by disabling ping (<option>-PN</option>), or engage the network
+    by disabling ping (<option>-Pn</option>), or engage the network
     with arbitrary combinations of multi-port TCP SYN/ACK, UDP, SCTP
     INIT and ICMP probes. The goal of these probes is to solicit
     responses which demonstrate that an IP address is actually active
@@ -365,8 +365,8 @@ you would expect.</para>
     port scan against each host it determines is online.  This is true
     even if you specify non-default host discovery types such as UDP
     probes (<option>-PU</option>).  Read about the
-    <option>-sP</option> option to learn how to perform
-    only host discovery, or use <option>-PN</option> to skip host
+    <option>-sn</option> option to learn how to perform
+    only host discovery, or use <option>-Pn</option> to skip host
     discovery and port scan all target hosts.  The following options
     control host discovery:</para>
 
@@ -399,16 +399,16 @@ you would expect.</para>
           scanning, OS detection, or ping scanning cannot be combined
           with this.  If you wish to disable ping scanning while still
           performing such higher level functionality, read up on the
-          <option>-PN</option> (skip ping) option.</para>
+          <option>-Pn</option> (skip ping) option.</para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>
-        <option>-sP</option> (Skip port scan)
-        <indexterm><primary><option>-sP</option></primary></indexterm>
+        <option>-sn</option> (No port scan)
+        <indexterm><primary><option>-sn</option></primary></indexterm>
         <indexterm><primary>ping scan</primary></indexterm>
-        <indexterm><primary>port scan</primary><secondary>disabling with <option>-sP</option></secondary></indexterm>
+        <indexterm><primary>port scan</primary><secondary>disabling with <option>-sn</option></secondary></indexterm>
         </term>
         <listitem>
            <para>This option tells Nmap not to do a port scan after host
@@ -430,7 +430,7 @@ you would expect.</para>
            pinging the broadcast address because many hosts do not
            reply to broadcast queries.</para>
 
-           <para>The <option>-sP</option> option sends an ICMP echo
+           <para>The default host discovery done with <option>-sn</option> consists of an ICMP echo
            request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP
            timestamp request by default.  When
            executed by an unprivileged user, only SYN packets are sent
@@ -439,9 +439,9 @@ you would expect.</para>
            on a local ethernet network, ARP requests
            are used unless
            <option>--send-ip</option> was specified.
-           The <option>-sP</option> option can be combined with any of the
+           The <option>-sn</option> option can be combined with any of the
            discovery probe types (the <option>-P*</option> options,
-           excluding <option>-PN</option>) for greater flexibility.
+           excluding <option>-Pn</option>) for greater flexibility.
            If any of those probe type and port number options are
            used, the default probes are
            overridden.  When strict firewalls are in place between the
@@ -456,8 +456,8 @@ you would expect.</para>
 
       <varlistentry>
         <term>
-          <option>-PN</option> (No ping)
-          <indexterm><primary><option>-PN</option></primary></indexterm>
+          <option>-Pn</option> (No ping)
+          <indexterm><primary><option>-Pn</option></primary></indexterm>
           <indexterm><primary>host discovery</primary><secondary>disabling</secondary></indexterm>
         </term>
         <listitem>
@@ -466,7 +466,7 @@ you would expect.</para>
           for heavier scanning.  By default, Nmap only performs heavy
           probing such as port scans, version detection, or OS
           detection against hosts that are found to be up.  Disabling
-          host discovery with <option>-PN</option> causes Nmap to
+          host discovery with <option>-Pn</option> causes Nmap to
           attempt the requested scanning functions against
           <emphasis>every</emphasis> target IP address specified.  So
           if a class B sized target address space (/16) is specified
@@ -476,7 +476,7 @@ you would expect.</para>
           continues to perform requested functions as if each target
           IP is active. To skip ping scan <emphasis>and</emphasis> port
           scan, while still allowing NSE to run, use the two options
-          <option>-PN -sP</option> together.</para>
+          <option>-Pn -sn</option> together.</para>
           
           <para>For machines on a local ethernet network, ARP
           scanning will still be performed (unless
@@ -2097,7 +2097,7 @@ way.</para>
           open and one closed TCP port are found. Set this option
           and Nmap will not even try OS detection against hosts
           that do not meet this criteria. This can save substantial
-          time, particularly on <option>-PN</option> scans against many hosts. It
+          time, particularly on <option>-Pn</option> scans against many hosts. It
           only matters when OS detection is requested with <option>-O</option> or <option>-A</option>.</para>
         </listitem>
       </varlistentry>
@@ -2465,7 +2465,7 @@ be set to keep the group size within a specific range, though this is
 rarely desired.</para>
 
 <para>These options do not have an effect during the host discovery
-phase of a scan. This includes plain ping scans (<option>-sP</option>).
+phase of a scan. This includes plain ping scans (<option>-sn</option>).
 Host discovery always works in large groups of hosts to improve speed
 and accuracy.</para>
 
@@ -2541,7 +2541,7 @@ scans unresponsive hosts.</para>
 Specifying a lower <option>--max-rtt-timeout</option> and
 <option>--initial-rtt-timeout</option> than the defaults can cut scan
 times significantly.  This is particularly true for pingless
-(<option>-PN</option>) scans, and those against heavily filtered
+(<option>-Pn</option>) scans, and those against heavily filtered
 networks.  Don't get too aggressive though.  The scan can end up
 taking longer if you specify such a low value that many probes are
 timing out and retransmitting while the response is in transit.</para>
@@ -3075,7 +3075,7 @@ services.</para>
           to make the targets think that <emphasis>someone
           else</emphasis> is scanning them. Imagine a company being
           repeatedly port scanned by a competitor!  The
-          <option>-e</option> option and <option>-PN</option> are
+          <option>-e</option> option and <option>-Pn</option> are
           generally required for this sort of usage.  Note that you
           usually won't receive reply packets back (they will be
           addressed to the IP you are spoofing), so Nmap won't produce
@@ -4327,20 +4327,20 @@ overwhelming requests.  Specify <option>--open</option> to only see
 
     <para>
       <indexterm><primary><option>-iR</option></primary><secondary>example of</secondary></indexterm>
-      <indexterm><primary><option>-PN</option></primary><secondary>example of</secondary></indexterm>
-      <command>nmap -v -iR 100000 -PN -p 80</command>
+      <indexterm><primary><option>-Pn</option></primary><secondary>example of</secondary></indexterm>
+      <command>nmap -v -iR 100000 -Pn -p 80</command>
     </para>
 
     <para>Asks Nmap to choose 100,000 hosts at random and scan them
     for web servers (port 80).  Host enumeration is disabled with
-    <option>-PN</option> since first sending a couple probes to
+    <option>-Pn</option> since first sending a couple probes to
     determine whether a host is up is wasteful when you are only
     probing one port on each target host anyway.</para>
 
     <para>
       <indexterm><primary><option>-oX</option></primary><secondary>example of</secondary></indexterm>
       <indexterm><primary><option>-oG</option></primary><secondary>example of</secondary></indexterm>
-      <command>nmap -PN -p80 -oX logs/pb-port80scan.xml -oG
+      <command>nmap -Pn -p80 -oX logs/pb-port80scan.xml -oG
       logs/pb-port80scan.gnmap 216.163.128.20/20</command>
     </para>
     <para>This scans 4096 IPs for any web servers (without pinging

docs/scripting.xml

@@ -197,11 +197,11 @@ Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
     <para>
     Script scanning is normally done in combination with a port scan,
     because scripts may be run or not run depending on the port states
-    found by the scan. With the <option>-sP</option> option it is
+    found by the scan. With the <option>-sn</option> option it is
     possible to run a script scan without a port scan, only host
     discovery. In this case only host scripts will be eligible to run.
     To run a script scan with neither a host discovery nor a port scan,
-    use the <option>-PN -sP</option> options together with
+    use the <option>-Pn -sn</option> options together with
     <option>-sC</option> or <option>--script</option>. Every host will
     be assumed up and still only host scripts will be run. This
     technique is useful for scripts like
@@ -776,14 +776,14 @@ local username = nmap.registry.args.user
           </listitem>
         </varlistentry>
         <varlistentry>
-          <term><command>nmap -sP -sC example.com</command></term>
+          <term><command>nmap -sn -sC example.com</command></term>
           <listitem>
           <para>A script scan without a port scan; only host scripts are
           eligible to run.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
-          <term><command>nmap -PN -sP -sC example.com</command></term>
+          <term><command>nmap -Pn -sn -sC example.com</command></term>
           <listitem>
           <para>A script scan without host discovery or a port scan. All
           hosts are assumed up and only host scripts are eligible to

nmap.cc

@@ -214,8 +214,8 @@ printf("%s %s ( %s )\n"
        "  --excludefile <exclude_file>: Exclude list from file\n"
        "HOST DISCOVERY:\n"
        "  -sL: List Scan - simply list targets to scan\n"
-       "  -sP: Ping Scan - go no further than determining if host is online\n"
-       "  -PN: Treat all hosts as online -- skip host discovery\n"
+       "  -sn: Ping Scan - disable port scan\n"
+       "  -Pn: Treat all hosts as online -- skip host discovery\n"
        "  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports\n"
        "  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes\n"
        "  -PO[protocol list]: IP Protocol Ping\n"
@@ -310,8 +310,8 @@ printf("%s %s ( %s )\n"
        "  -h: Print this help summary page.\n"
        "EXAMPLES:\n"
        "  nmap -v -A scanme.nmap.org\n"
-       "  nmap -v -sP 192.168.0.0/16 10.0.0.0/8\n"
-       "  nmap -v -iR 10000 -PN -p 80\n"
+       "  nmap -v -sn 192.168.0.0/16 10.0.0.0/8\n"
+       "  nmap -v -iR 10000 -Pn -p 80\n"
        "SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES\n", NMAP_NAME, NMAP_VERSION, NMAP_URL);
   exit(rc);
 }
@@ -1212,7 +1212,7 @@ int nmap_main(int argc, char *argv[]) {
           assert(ports.proto_ping_count > 0);
         }
       } else {
-        fatal("Illegal Argument to -P, use -PN, -PO, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, -PY, or -PT80 (or whatever number you want for the TCP probe destination port)");
+        fatal("Illegal Argument to -P, use -Pn, -PO, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, -PY, or -PT80 (or whatever number you want for the TCP probe destination port)");
       }
       break;
     case 'p':
@@ -1236,7 +1236,7 @@ int nmap_main(int argc, char *argv[]) {
       break;
     case 's':
       if (!*optarg) {
-        error("An option is required for -s, most common are -sT (tcp scan), -sS (SYN scan), -sF (FIN scan), -sU (UDP scan) and -sP (Ping scan)");
+        error("An option is required for -s, most common are -sT (tcp scan), -sS (SYN scan), -sF (FIN scan), -sU (UDP scan) and -sn (Ping scan)");
         printusage(argv[0], -1);
       }
       p = optarg;

output.cc

@@ -2213,7 +2213,7 @@ void printfinaloutput() {
     error("WARNING: No targets were specified, so 0 hosts scanned.");
   if (o.numhosts_scanned == 1 && o.numhosts_up == 0 && !o.listscan &&
       o.pingtype != PINGTYPE_NONE)
-    log_write(LOG_STDOUT, "Note: Host seems down. If it is really up, but blocking our ping probes, try -PN\n");
+    log_write(LOG_STDOUT, "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn\n");
   else if (o.numhosts_up > 0) {
     if (o.osscan && o.servicescan)
       log_write(LOG_PLAIN, "OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .\n");

tcpip.cc

@@ -1037,7 +1037,7 @@ pcap_t *my_pcap_open_live(const char *device, int snaplen, int promisc, int to_m
           "LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.\n"
           "*BSD:  If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support.  If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).\n"
           "*WINDOWS:  Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2.  Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n"
-          "SOLARIS:  If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use \"-PN -sT localhost\" though.\n\n",
+          "SOLARIS:  If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use \"-Pn -sT localhost\" though.\n\n",
              pcapdev, snaplen, promisc, to_ms, err0r);
       } else {
         error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s.  Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5.0, failed));