Nmap Development mailing list archives

Nmap on GPRS and problem II


From: zaka rias <sciensez () yahoo com>
Date: Wed, 3 Aug 2005 03:16:58 +0100 (BST)

Thanks a lot for your reply about my problem. (I know I
should reply to your reply, but there's something wrong
in my email/browser, so I made a new topic.)

You know I'm just a self-taught noobie, and my biggest
problem is the English language.

After reading your reply about my problem, I think I
should turn the 'packet sniffer' on and then look into
the packet data.

You asked me to look closer at the 'ttl' (it took 14 hours
for me to surf about 'what's ttl exactly?').

From the RFC and other tutorials that I read, I can say
in short that time to live can be thought of as a
self-destruct time limit (like the RFC said, he he).

And I guess the TTL is in the IP field (IP frame/Ethereal
term).

Have a look at this Ethereal log. I cut unnecessary
things from the real log (but you can find the full log
in the attachment):
=======================================================================
No.Time        Source        Destination    Prto 
15 16.136761   192.168.0.2   207.46.18.30   TCP  2227
http [SYN] Seq=625371507 Ack=0 Win=5840 Len=0
MSS=1460 TSV=4313723 TSER=0 WS=0
Time to live: 64

16 17.232115   207.46.18.30  192.168.0.2    TCP  http
2227 [SYN, ACK] Seq=2326028008 Ack=625371508
Win=5792 Len=0 MSS=1460 TSV=2788260086 TSER=4313723
WS=0
Time to live: 62
======================================================================
and the nmap log looks like this:
=====================================================================
[root@zacko NMAPlog]# nmap -sT -sV -P0 -T1 -p80
--packet_trace --version_trace -vv 207.46.18.30 -oN
mslog1_no_parallel_withST

Starting nmap 3.81 ( http://www.insecure.org/nmap/ )
at 2005-08-03 19:42 WIT
Initiating Connect() Scan against 207.46.18.30 [1
port] at 19:42
CONN (16.1380s) TCP localhost > 207.46.18.30:80 =>
Operation now in progress
Discovered open port 80/tcp on 207.46.18.30
The Connect() Scan took 16.11s to scan 1 total ports.
Initiating service scan against 1 service on
207.46.18.30 at 19:42
NSOCK (17.2410s) TCP connection requested to
207.46.18.30:80 (IOD #1) EID 8
NSOCK (17.2410s) nsock_loop() started (no timeout). 1
events pending
NSOCK (18.8150s) Callback: CONNECT SUCCESS for EID 8
[207.46.18.30:80]
NSOCK (18.8150s) Read request from IOD #1
[207.46.18.30:80] (timeout: 5000ms) EID 18
NSOCK (23.8170s) Callback: READ TIMEOUT for EID 18
[207.46.18.30:80]
NSOCK (23.8170s) Write request for 18 bytes to IOD #1
EID 27 [207.46.18.30:80]: GET / HTTP/1.0....
NSOCK (23.8170s) Read request from IOD #1
[207.46.18.30:80] (timeout: 5000ms) EID 34
NSOCK (23.8170s) Callback: WRITE SUCCESS for EID 27
[207.46.18.30:80]
NSOCK (26.0920s) Callback: READ SUCCESS for EID 34
[207.46.18.30:80] (1448 bytes)
The service scan took 8.85s to scan 1 service on 1
host.
Starting RPC scan against 207.46.18.30
Host 207.46.18.30 appears to be up ... good.
Interesting ports on 207.46.18.30:
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.0.48 ((Fedora))
Final times for host: srtt: 1095958 rttvar: 1095958 
to: 15000000

Nmap finished: 1 IP address (1 host up) scanned in
26.095 seconds
==============================================================================================

So I look at the Ethereal log: the first packet has TTL 64,
and then I received a packet (2nd frame) with TTL 62, so
I can say that my ISP is using a transparent proxy.

Is that what you mean by 'look closely at the TTL
values'?

Sorry if I didn't get you. Actually there's another
question about TTL, but I'm not sure if this forum is
the right place to ask.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
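
The TTL comparison described in the message above, as an added example that is not part of the original post: it parses the two quoted Ethereal frames and estimates how many router hops the reply crossed before arriving. The function names and the list of common initial TTL values (32, 64, 128, 255) are assumptions of this example, so the result is an estimate.

```python
import re

# The two frames quoted in the message above (Ethereal summary, mail-wrapped).
CAPTURE = """\
15 16.136761   192.168.0.2   207.46.18.30   TCP  2227
http [SYN] Seq=625371507 Ack=0 Win=5840 Len=0
MSS=1460 TSV=4313723 TSER=0 WS=0
Time to live: 64

16 17.232115   207.46.18.30  192.168.0.2    TCP  http
2227 [SYN, ACK] Seq=2326028008 Ack=625371508
Win=5792 Len=0 MSS=1460 TSV=2788260086 TSER=4313723
WS=0
Time to live: 62
"""

# Assumption: senders start from one of these common initial TTL values.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# A frame header line: number, timestamp, source IP, destination IP, protocol.
FRAME_RE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+TCP")
TTL_RE = re.compile(r"^Time to live:\s*(\d+)")

def parse_frames(text):
    """Return one dict per frame: number, src, dst, ttl (None if not listed)."""
    frames, current = [], None
    for line in text.splitlines():
        if m := FRAME_RE.match(line):
            current = {"no": int(m.group(1)), "src": m.group(3), "dst": m.group(4), "ttl": None}
            frames.append(current)
        elif (m := TTL_RE.match(line)) and current is not None:
            current["ttl"] = int(m.group(1))
    return frames

def estimate_hops(observed_ttl):
    """Guess the initial TTL (smallest common value >= observed) and hops crossed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be 1..255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def inbound_hops(text, local_ip):
    """Hop estimate for every frame received by local_ip, keyed by sender address."""
    return {f["src"]: estimate_hops(f["ttl"])
            for f in parse_frames(text) if f["dst"] == local_ip and f["ttl"] is not None}

if __name__ == "__main__":
    for src, (initial, hops) in inbound_hops(CAPTURE, "192.168.0.2").items():
        print(f"{src}: TTL started near {initial}, crossed about {hops} router hop(s)")
```

The hop count can be compared with the number of hops a traceroute to the same address reports.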