Nmap Development mailing list archives

A little mysterious nmap-Session


From: rembrandt () jpberlin de
Date: Mon, 8 May 2006 15:20:22 +0200 (CEST)

I got some output I can't identify...

I used nmap 4.03, my OS is OpenBSD 3.9 in 64Bit Mode (amd64) (the
Portupdate was submitted to Ports () openbsd org and I decided to use it
because nmap 3.95 crashed)

I connected from my Notebook (10.10.10.10) to my Workstation (192.168.0.11)
and started to Scan a class B-network.

nmap was started this way: nmap -sS -vvv -sV oA $NET -P0 $NET

After a while I got this output:

All 1674 scanned ports on x.x.x.x are: filtered

SENT (45833.5370s) TCP 192.168.0.11:59260 > x.x.x.142:1514 S ttl=45
id=1569 iplen=44 seq=1711099290 win=2048
SENT (45833.5370s) TCP 192.168.0.11:59262 > x.x.x.144:333 S ttl=42 id=4168
iplen=44 seq=1710443924 win=3072
SENT (45833.5370s) TCP 192.168.0.11:59259 > x.x.x.147:257 S ttl=54 id=3486
iplen=44 seq=1711164825 win=3072
RCVD (45833.5320s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=7027 iplen=52 seq=1207579363 win=16080 ack=4153408694
RCVD (45833.5500s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=5315 iplen=52 seq=1207579363 win=16208 ack=4153409030
SENT (45833.6470s) TCP 192.168.0.11:59270 > x.x.x.139:21 S ttl=55 id=57854
iplen=44 seq=1677413276 win=4096
SENT (45833.6470s) TCP 192.168.0.11:59261 > x.x.x.138:186 S ttl=48
id=11001 iplen=44 seq=1711033755 win=1024
SENT (45833.6470s) TCP 192.168.0.11:59264 > x.x.x.140:9111 S ttl=44
id=7710 iplen=44 seq=1710312854 win=1024
SENT (45833.6470s) TCP 192.168.0.11:59264 > x.x.x.143:69 S ttl=55 id=1945
iplen=44 seq=1710312854 win=4096
SENT (45833.6470s) TCP 192.168.0.11:59263 > x.x.x.149:1528 S ttl=39
id=53973 iplen=44 seq=1710378389 win=4096
RCVD (45833.6470s) TCP x.x.x.139:21 > 192.168.0.11:59270 SA ttl=64
id=17130 iplen=44 seq=1211525688 win=16384 ack=1677413277
RCVD (45833.6420s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=28914 iplen=52 seq=1207579363 win=16224 ack=4153409366
RCVD (45833.6450s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=27234 iplen=52 seq=1207579363 win=16096 ack=4153409958
RCVD (45833.6530s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=28425 iplen=52 seq=1207579363 win=16080 ack=4153410438
RCVD (45833.6700s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=26205 iplen=52 seq=1207579363 win=16208 ack=4153410678
RCVD (45833.6930s) TCP 194.45.27.107:7777 > 192.168.0.11:12757 A ttl=56
id=29235 iplen=64 seq=3072794502 win=17136 ack=4251045306
RCVD (45833.7110s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=20192 iplen=52 seq=1207579363 win=16208 ack=4153411030
SENT (45833.7570s) TCP 192.168.0.11:59262 > x.x.x.133:790 S ttl=53 id=8088
iplen=44 seq=1710443924 win=2048
SENT (45833.7570s) TCP 192.168.0.11:59263 > x.x.x.153:1510 S ttl=59 id=470
iplen=44 seq=1710378389 win=4096
SENT (45833.7570s) TCP 192.168.0.11:59258 > x.x.x.128:4480 S ttl=55
id=62400 iplen=44 seq=1711230360 win=4096
RCVD (45833.7510s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=7741 iplen=52 seq=1207579363 win=16224 ack=4153411366
RCVD (45833.7700s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=8304 iplen=52 seq=1207579363 win=16208 ack=4153411830
RCVD (45833.7970s) TCP 169.252.9.133:21 > 192.168.0.11:46473 SA ttl=64
id=32091 iplen=44 seq=436555142 win=16384 ack=2500396319
RCVD (45833.7910s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=1200 iplen=52 seq=1207579363 win=16208 ack=4153412182
SENT (45833.8380s) TCP 192.168.0.11:59264 > x.x.x.136:2603 S ttl=48
id=15780 iplen=44 seq=1710312854 win=1024
RCVD (45833.8320s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=3494 iplen=52 seq=1207579363 win=16208 ack=4153412534
RCVD (45833.9590s) ICMP 198.119.56.67 > 192.168.0.11 communication
administratively prohibited by filtering (type=3/code=13) ttl=248 id=52539
iplen=56
RCVD (45833.9620s) TCP 10.10.10.10:40532 > 192.168.0.11:22 A ttl=63
id=1122 iplen=52 seq=1207579363 win=16176 ack=4153412918
SENT (45833.9880s) TCP 192.168.0.11:59454 > x.x.x.130:21 S ttl=43 id=1305
iplen=44 seq=3690722204 win=4096
SENT (45833.9890s) TCP 192.168.0.11:59515 > x.x.x.140:21 S ttl=50 id=7042
iplen=44 seq=2667296412 win=3072
SENT (45833.9890s) TCP 192.168.0.11:59465 > x.x.x.143:21 S ttl=37 id=33696
iplen=44 seq=2902164636 win=2048
SENT (45833.9890s) TCP 192.168.0.11:59264 > x.x.x.139:388 S ttl=57 id=1219
iplen=44 seq=1710312854 win=2048
SENT (45833.9890s) TCP 192.168.0.11:59262 > x.x.x.145:141 S ttl=53
id=13135 iplen=44 seq=1710443924 win=2048
SENT (45833.9890s) TCP 192.168.0.11:59261 > x.x.x.148:449 S ttl=39 id=7734
iplen=44 seq=1711033755 win=4096
SENT (45833.9890s) TCP 192.168.0.11:59264 > x.x.x.149:1528 S ttl=48
id=34613 iplen=44 seq=1710312854 win=1024
SENT (45833.9890s) TCP 192.168.0.11:59258 > x.x.x.151:188 S ttl=43
id=35555 iplen=44 seq=1711230360 win=4096
SENT (45833.9890s) TCP 192.168.0.11:59261 > x.x.x.154:71 S ttl=51 id=24939
iplen=44 seq=1711033755 win=4096

I had several scans running (in parallel).
After a while the nmap output was normal again.
Could somebody maybe tell me why I got this output apart from the "normal
known" stuff? I never saw such an output in all the years I'm using nmap
now so I would like to know about the reasons.

Kind Regards,
Rembrandt


