Nmap Development mailing list archives
Re: scanme.insecure.org TCP handshake (3.59ALPHA7: About to go gold)
From: Fyodor <fyodor () insecure org>
Date: Mon, 30 Aug 2004 21:30:45 -0700
On Mon, Aug 30, 2004 at 04:08:49PM +0200, Martin Ma?ok wrote:
And see what is happening on the wire during and after that: % tethereal host scanme.insecure.org Capturing on eth0 0.000000 193.84.252.200 -> 205.217.153.55 TCP 44746 > ssh [SYN] Seq=3600912504 Ack=0 Win=4096 Len=0 0.205689 205.217.153.55 -> 193.84.252.200 TCP ssh > 44746 [SYN, ACK] Seq=2649899160 Ack=3600912505 Win=5840 Len=0 MSS=1460 0.205728 193.84.252.200 -> 205.217.153.55 TCP 44746 > ssh [RST] Seq=3600912505 Ack=0 Win=0 Len=0 4.251337 205.217.153.55 -> 193.84.252.200 TCP ssh > 44746 [SYN, ACK] Seq=2649899160 Ack=3600912505 Win=5840 Len=0 MSS=1460 4.251355 193.84.252.200 -> 205.217.153.55 TCP 44746 > ssh [RST] Seq=3600912505 Ack=0 Win=0 Len=0 10.042602 205.217.153.55 -> 193.84.252.200 TCP ssh > 53802 [SYN, ACK] Seq=2628604108 Ack=4037269348 Win=5840 Len=0 MSS=1460 10.042622 193.84.252.200 -> 205.217.153.55 TCP 53802 > ssh [RST] Seq=4037269348 Ack=0 Win=0 Len=0
Is tethereal running on the source host? Maybe the RST isn't making its way to the destination because of host firewall rules on the src host? Have you tried running this on the target to see whether the RST packets show up? Like you said, it does look like the target is ignoring them. Nmap does not send the RSTs, they are sent by the kernel, so they should be just like any other RSTs that host sends. Cheers, -F --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- 3.59ALPHA7: About to go gold Fyodor (Aug 29)
- Re: 3.59ALPHA7: About to go gold Grishnav (Aug 29)
- Re: 3.59ALPHA7: About to go gold Fyodor (Aug 29)
- scanme.insecure.org TCP handshake (3.59ALPHA7: About to go gold) Martin Mačok (Aug 30)
- Re: scanme.insecure.org TCP handshake (3.59ALPHA7: About to go gold) Fyodor (Aug 30)
- Re: scanme.insecure.org TCP handshake (3.59ALPHA7: About to go gold) Martin Mačok (Aug 31)
- Re: scanme.insecure.org TCP handshake (3.59ALPHA7: About to go gold) Fyodor (Aug 30)
- Re: 3.59ALPHA7: About to go gold Grishnav (Aug 29)