Nmap Development mailing list archives

Re: UDP Scan of a responsive port

From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 30 Nov 2006 10:44:08 +0100

On Wed, Nov 29, 2006 at 08:25:10PM +0100, waldeck () gmx de wrote:

Scanning of a responsive UDP port with nmap 4.11 results in following effect:

IP 192.168.54.1.59311 > 192.168.54.148.7: UDP, length 0
IP 192.168.54.148.7 > 192.168.54.1.59311: UDP, length 0
IP 192.168.54.1 > 192.168.54.148: ICMP 192.168.54.1 udp port 59311 unreachable, length 36

Should not nmap expect an answer and discard the UDP packet?


This is OK. The OS gets the reply too but it doesn't know anything
about the probe so it rejects the packet correctly with ICMP. It is
similar to sending RST's back while scanning with SYN packets (aka
stealth or half-open scanning).

Martin Mačok
ICT Security Consultant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

UDP Scan of a responsive port waldeck (Nov 29)
- Re: UDP Scan of a responsive port Martin Mačok (Nov 30)