Nmap Development mailing list archives
Re: some nmap tools
From: MadHat <madhat () unspecific com>
Date: Tue, 9 Dec 2003 12:04:47 -0600
On Dec 7, 2003, at 10:57 AM, Tristan Seligmann wrote:
On Sun, Dec 07, 2003 at 15:06:37 -0000, testic+testic wrote:If the remote port is 'open', ie a service is listening on that port, thesender will recieve a SYN/ACK. If the port is 'filtered' the sender will recieve an RST packet. If the port is 'closed' nothing at all will be recieved.I may be wrong, but doesn't filtered mean an ICMP Reject was received?And sending SYN to a port with no service listening on it will result in RST, not nothing. (of course nothing will be received if a firewall justsilently drops the packet).
My understanding is that on a SYN scan ACK => Open RST => Closed ICMP or Nothing => filteredIf nothing is returned we assume that it is being dropped by a firewall somewhere and "ICMP port unreachable" message means it is being filtered. I am not sure if there is logic for whether or not the RST packet comes from the same host or not.
In 'filtered' and 'closed' states the sender need send no more data at all. Only in 'open' state does any further data need to be sent, in this state we will be sending a further ACK and also we need to close the connection, Nmap I believe will neatly close the connection using FIN. As far as I can tellI would think nmap would just send RST after receiving SYN|ACK.
The host itself should do it and not have to rely on nmap. Once again, my understanding and may be incorrect.
---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- some nmap tools MadHat (Dec 06)
- Re: some nmap tools Bo Cato (Dec 07)
- Re: some nmap tools MadHat (Dec 07)
- RE: some nmap tools Hasnain Atique (Dec 07)
- Re: some nmap tools MadHat (Dec 07)
- RE: some nmap tools Hasnain Atique (Dec 08)
- Re: some nmap tools MadHat (Dec 07)
- Re: some nmap tools Bo Cato (Dec 07)
- <Possible follow-ups>
- Re: some nmap tools testic+testic (Dec 07)
- Re: some nmap tools Akbar Ali (Dec 07)
- Re: some nmap tools Tristan Seligmann (Dec 09)
- Re: some nmap tools MadHat (Dec 09)