Nmap Development mailing list archives
Re: Sorry more questions on nmap operations
From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Sun, 11 Jan 2009 12:41:45 -0500
On Sun, Jan 11, 2009 at 12:20 PM, maillist <maillist () securityoveride com> wrote:
> In continuing to understand nmap for this video tutorial I'm making, I came up with some more questions.
> 1) When doing a scan of a specified port like 25 of my host securityoveride.com -snip- my question is: what is the nmap [ACK] to port 80 for?
It is a ping technique useful for hosts that block ICMP packets. The correct behavior for a host receiving an ACK packet without the first two steps of the TCP handshake occurring is to send an RST packet. However, some firewalls just drop unexpected ACK packets. You can read more about this at [0].
> 2) When doing an nmap -sV securityoveride.com -p25 -snip- my question here is: why does nmap send a request [SYN], then a [RST], then make another request [SYN] for the connection? Why doesn't nmap make the connection right away?
I would assume that is to avoid TCP resource exhaustion; nmap generally tries to be nice and avoids doing things by default that could crash or DoS a target computer.

[0] http://nmap.org/book/man-host-discovery.html#id335942

--
Michael Pattrick
http://www.rhinovirus.org/math
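The ACK ping behaviour described in the reply above, seen from the monitoring side, as an added example that is not part of the original thread: it flags bare ACK segments on flows where no SYN was observed and records whether the target answered with an RST or stayed silent. The capture lines are constructed, use documentation address ranges, and follow a simplified tcpdump-like layout; the function name is hypothetical.

```python
import re

# Constructed sample capture (simplified tcpdump-style lines, not from the thread).
SAMPLE = """\
12:00:00.100 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [.], ack 1, length 0
12:00:00.101 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [R], seq 1, length 0
12:00:01.000 IP 198.51.100.9.50000 > 192.0.2.10.25: Flags [S], seq 100, length 0
12:00:01.001 IP 192.0.2.10.25 > 198.51.100.9.50000: Flags [S.], seq 500, ack 101, length 0
12:00:01.002 IP 198.51.100.9.50000 > 192.0.2.10.25: Flags [.], ack 501, length 0
12:00:02.000 IP 198.51.100.7.40002 > 192.0.2.11.80: Flags [.], ack 1, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def find_unsolicited_acks(capture):
    """Map each unsolicited-ACK flow (src, sport, dst, dport) to its outcome.

    'rst'      -> the target replied with RST, as a TCP stack should, which
                  also tells the sender that the host is up.
    'no-reply' -> nothing came back: a filter dropped the ACK or the host is down.

    Limitation: a capture that starts in the middle of an established
    connection will show ACKs without their SYN and be flagged too.
    """
    syn_seen = set()  # flows on which a SYN or SYN/ACK was observed
    probes = {}       # unsolicited ACK flow -> observed response
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if "S" in flags:
            syn_seen.add(flow)
        elif flags == ".":
            # Bare ACK: expected only after a handshake in either direction.
            if flow not in syn_seen and reverse not in syn_seen:
                probes.setdefault(flow, "no-reply")
        elif "R" in flags and reverse in probes:
            probes[reverse] = "rst"
    return probes


if __name__ == "__main__":
    for (src, sport, dst, dport), outcome in find_unsolicited_acks(SAMPLE).items():
        print(f"unsolicited ACK {src}:{sport} -> {dst}:{dport}: {outcome}")
```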