Nmap Development mailing list archives
Re: ACK Scans
From: Philippe Biondi <biondi () cartel-securite fr>
Date: Tue, 27 May 2003 15:19:49 +0200 (CEST)
On Tue, 27 May 2003, Triple Crown wrote:
Philippe Biondi wrote:On Fri, 23 May 2003, Triple Crown wrote: Use tcpdump to know exactly what are the sent packets and if they matrch your expectations.I've been using tcpdump and I have not found it possible to send an ack 0 with nmap. I don't think the snort rule is of much value for nmap. I have a good idea of why the alert was triggered but have a little more research to do.
If you want to generate very specific packets, you can have a look at scapy : http://www.cartel-securite.fr/pbiondi/scapy.html -- Philippe Biondi <biondi@ cartel-securite.fr> Cartel Sécurité Security Consultant/R&D http://www.cartel-securite.fr Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99 PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2 --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- ACK Scans Triple Crown (May 23)
- Re: ACK Scans Philippe Biondi (May 25)
- Re: ACK Scans Triple Crown (May 27)
- Re: ACK Scans Philippe Biondi (May 27)
- Re: ACK Scans Triple Crown (May 27)
- Re: ACK Scans Fyodor (Jun 13)
- Re: ACK Scans Philippe Biondi (May 25)