Nmap Development mailing list archives
Re: Nmap unknown guess packets that don't receive?
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 3 Dec 2004 10:01:08 +0100
On Thu, Dec 02, 2004 at 12:45:07PM +0100, Listas - ISecAuditors wrote:
# nmap 3.70 scan initiated Thu Dec 2 11:57:40 2004 as: nmap -sS -v -n --packet_trace -p 80-81 -oN nmap-ACK.log --scanflags ACK yy.yy.yy.yy SENT (0.0050s) ICMP xx.xx.xx.xx > yy.yy.yy.yy Echo request (type=8/code=0) ttl=59 id=19541 iplen=28 SENT (0.0050s) TCP xx.xx.xx.xx:43998 > yy.yy.yy.yy:80 A ttl=57 id=14988 iplen=40 seq=3834672862 win=2048 ack=223377118 RCVD (0.0060s) TCP 80.224.33.160:80 > xx.xx.xx.xx:43998 R ttl=255 id=47948 iplen=40 seq=223377118 win=0
You've sent ACK to yy.yy.yy.yy:80 and received RST from 80.224.33.160:80. My guess is that yy.yy.yy.yy != 80.224.33.160 (even TTLs are different for RST and Echo Reply packets). RST came probably from firewall host in between.
And that's the tcpdump capture:
What was the command line used to capture this? You've probably used a filter to see just "host yy.yy.yy.yy", haven't you? This could explain why you didn't see RST packet with it... Martin Mačok IT Security Consultant --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Nmap unknown guess packets that don't receive? Listas - ISecAuditors (Dec 02)
- Re: Nmap unknown guess packets that don't receive? Martin Mačok (Dec 03)