Nmap Development mailing list archives
Re: SoC: port state reasons
From: Fyodor <fyodor () insecure org>
Date: Sat, 10 Jun 2006 13:21:03 -0700
On Sat, Jun 10, 2006 at 12:14:01PM +0200, Martin Mačok wrote:
On Fri, Jun 09, 2006 at 03:14:14PM -0700, Fyodor wrote: With Connect scan you can't even distinguish between RST and some ICMP Port Unreachable, see http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.95-CONNECT-closedfiltered.patch
Excellent point. So I guess we probably shouldn't map ECONNREFUSED connect() error to the reason "RST". We should probably add a new reason for this. Maybe just "ECONNREFUSED".
It would be good to not limit it to just those two fields ... IP ID, MSS, Timestamp or something else could be interesting too. What about using p0f for RST packet fingerprinting?
Good points. Though if someone wants to get too low-level, they may be better off using --packet-trace and a scan against whichever port they are interested in. Or of course they could use a lower-level tool like hping2. To the extent that any of these fields aren't shown in --packet-trace output, I would be happy to accept a patch which adds them. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Re: SoC: port state reasons, (continued)
- Re: SoC: port state reasons Arturo 'Buanzo' Busleiman (Jun 07)
- Re: SoC: port state reasons Fyodor (Jun 09)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Martin Mačok (Jun 10)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)