Nmap Development mailing list archives
Re: Possible WinPcap problems
From: AgentSmith15 <agentsmith15 () gmail com>
Date: Wed, 3 May 2006 00:05:26 -0500
Sorry for taking so long to reply. Here is the output that you requested... Starting Nmap 4.03 ( http://www.insecure.org/nmap ) at 2006-05-03 00:02 Central Daylight Time SENT (0.3280s) ICMP 192.168.1.101 > 205.217.153.62 Echo request (type=8/code=0) ttl=57 id=8188 iplen=28 SENT (0.3280s) TCP 192.168.1.101:45897 > 205.217.153.62:80 A ttl=51 id=48940 iplen=40 seq=2488350238 win=4096 ack=961623582 RCVD (0.4850s) ICMP 205.217.153.62 > 192.168.1.101 Echo reply (type=0/code=0) ttl=48 id=26573 iplen=28 NSOCK (1.1250s) UDP connection requested to 24.93.41.126:53 (IOD #1) EID 8 NSOCK (1.1250s) Read request from IOD #1 [24.93.41.126:53] (timeout: -1ms) EID 18 NSOCK (1.1250s) UDP connection requested to 24.93.41.125:53 (IOD #2) EID 24 NSOCK (1.1250s) Read request from IOD #2 [24.93.41.125:53] (timeout: -1ms) EID 34 NSOCK (1.1250s) Write request for 45 bytes to IOD #1 EID 43 [24.93.41.126:53]: .............62.153.217.205.in-addr.arpa..... NSOCK (1.1250s) nsock_loop() started (timeout=500ms). 5 events pending NSOCK (1.1250s) Callback: CONNECT SUCCESS for EID 24 [24.93.41.125:53] NSOCK (1.1250s) Callback: CONNECT SUCCESS for EID 8 [24.93.41.126:53] NSOCK (1.1250s) Callback: WRITE SUCCESS for EID 43 [24.93.41.126:53] NSOCK (1.3440s) Callback: READ SUCCESS for EID 18 [24.93.41.126:53] (169 bytes) NSOCK (1.3440s) Read request from IOD #1 [24.93.41.126:53] (timeout: -1ms) EID 50 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:20 S ttl=56 id=51255 iplen=44 seq=514535874 win=1024 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:21 S ttl=58 id=38401 iplen=44 seq=514535874 win=3072 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:22 S ttl=41 id=6430 iplen=44 seq=514535874 win=2048 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:23 S ttl=45 id=39980 iplen=44 seq=514535874 win=2048 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:24 S ttl=38 id=8310 iplen=44 seq=514535874 win=3072 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:25 S ttl=43 id=20778 iplen=44 seq=514535874 win=4096 SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:26 S ttl=57 id=47208 iplen=44 seq=514535874 win=2048 RCVD (1.6100s) TCP 205.217.153.62:22 > 192.168.1.101:45873 SA ttl=48 id=0 iplen=44 seq=179519058 win=5840 ack=514535875 RCVD (1.6100s) TCP 205.217.153.62:25 > 192.168.1.101:45873 RA ttl=48 id=0 iplen=40 seq=0 win=0 ack=514535875 SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:26 S ttl=57 id=12650 iplen=44 seq=514470339 win=2048 SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:24 S ttl=38 id=41054 iplen=44 seq=514470339 win=3072 SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:23 S ttl=57 id=57426 iplen=44 seq=514470339 win=2048 SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:21 S ttl=42 id=64562 iplen=44 seq=514470339 win=3072 SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:20 S ttl=50 id=41532 iplen=44 seq=514470339 win=3072 NSOCK (3.7660s) TCP connection requested to 205.217.153.62:22 (IOD #1) EID 8 NSOCK (3.7660s) nsock_loop() started (no timeout). 1 events pending NSOCK (3.9530s) Callback: CONNECT SUCCESS for EID 8 [205.217.153.62:22] NSOCK (3.9530s) Read request from IOD #1 [205.217.153.62:22] (timeout: 6000ms) EID 18 NSOCK (4.0160s) Callback: READ SUCCESS for EID 18 [205.217.153.62:22] (20 bytes): SSH-2.0-OpenSSH_4.3. Interesting ports on scanme.nmap.org (205.217.153.62): PORT STATE SERVICE VERSION 20/tcp filtered ftp-data 21/tcp filtered ftp 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 23/tcp filtered telnet 24/tcp filtered priv-mail 25/tcp closed smtp 26/tcp filtered unknown Nmap finished: 1 IP address (1 host up) scanned in 4.032 seconds On 5/2/06, Fyodor <fyodor () insecure org> wrote:
Maybe you have some sort of bizarre transparent proxy sending back syn/ack to every port. This is probably not a WinPcap problem. Would you send us (nmap-dev) the output of the following command? nmap -p20-26 -sV -r --packet-trace scanme.nmap.org Cheers, Fyodor
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Possible WinPcap problems AgentSmith15 (May 01)
- Re: Possible WinPcap problems Fyodor (May 02)
- Message not available
- Re: Possible WinPcap problems AgentSmith15 (May 02)
- Message not available
- Re: Possible WinPcap problems AgentSmith15 (May 02)
- Re: Possible WinPcap problems John Crichton (May 02)
- Re: Possible WinPcap problems 王敬 (May 02)
- Message not available
- Re: Possible WinPcap problems AgentSmith15 (May 04)
- Message not available
- Message not available
- Re: Possible WinPcap problems John Crichton (May 05)
- Re: Possible WinPcap problems Fyodor (May 02)
- Message not available
- Message not available
- Message not available
- Re: Possible WinPcap problems Jamie Gavahan (May 06)