Nmap Development mailing list archives
RE: IPv6 host discovery, SYN, incorrectly reporting targets down
From: "Paul Jenkins" <pjenkins () dsci com>
Date: Tue, 6 Oct 2009 15:02:18 -0400
So if I gather this correctly, Windows doesn't send NMAP the ECONNREFUSED, and just drops the request, so NMAP never has the opportunity to register the host as UP. I'm blaming windows since the same scan on the same network from a Linux box which received the ACK/RST, correctly reported the host as UP, which would mean the stack on a Linux box sends the ECONNREFUSED to NMAP. Thank you, Paul -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Daniel Roethlisberger Sent: Tuesday, October 06, 2009 3:00 PM To: nmap-dev () insecure org Subject: Re: IPv6 host discovery, SYN, incorrectly reporting targets down Paul Jenkins <pjenkins () dsci com> 2009-10-06:
Host that only respond with RST/ACK flags are reported as down, only hosts that report back with SYN/ACK are reported as up. Command used Nmap -6 -sP -PS22,23,80,443,37227 -iL _____ Using ipv4 addresses in the same environment yields the correct number of hosts "up".
IPv6 TCP ping scans are in fact connect() scans, while for IPv4, a raw TCP SYN scan is used. If your network stack doesn't return ECONNREFUSED on receiving RST/ACK, then Nmap doesn't know the difference between a refused connection and one which failed due to no responses received. -- Daniel Roethlisberger http://daniel.roe.ch/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- IPv6 host discovery, SYN, incorrectly reporting targets down Paul Jenkins (Oct 06)
- Re: IPv6 host discovery, SYN, incorrectly reporting targets down Daniel Roethlisberger (Oct 06)
- <Possible follow-ups>
- RE: IPv6 host discovery, SYN, incorrectly reporting targets down Paul Jenkins (Oct 06)
- Re: IPv6 host discovery, SYN, incorrectly reporting targets down Daniel Roethlisberger (Oct 06)