Nmap Development mailing list archives

Re: TCP Split Handshake and Nmap


From: jah <jah () zadkiel plus com>
Date: Tue, 08 Jun 2010 02:58:56 +0100

On 08/06/2010 01:49, Fyodor wrote:

> Please apply your patch.  I have just updated the man page to reflect
> this change by adding:
>
>   The port is also considered open if a SYN packet (without the ACK
>   flag) is received in response.  This can be due to an extremely rare
>   TCP feature known as a simultaneous open or split handshake connection
>   (see <ulink url="http://nmap.org/misc/split-handshake.pdf"/>).
  

Thank you.  Done in r17897. It would be interesting to hear if anyone
comes across a target that exhibits this behaviour. I'd put money on
Brandon finding some.

Regards,

jah
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
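
The rule quoted from the man page, as an added example that is not part of the original message and is not Nmap's own code: a reply to a SYN probe is classified from the raw TCP header, and a bare SYN (no ACK) counts as open and is flagged so it can be logged. The function names, the `STATE_*` values and the sample header are assumptions made for illustration; treating a missing reply as filtered follows Nmap's documented SYN scan behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_SYN 0x02   /* TCP flag bits, byte 13 of the header */
#define FLAG_RST 0x04
#define FLAG_ACK 0x10
enum port_state { STATE_OPEN, STATE_CLOSED, STATE_FILTERED, STATE_UNKNOWN };

/* Classify the reply to a SYN probe from raw TCP header bytes (hypothetical
 * helper). hdr == NULL means no reply arrived before the timeout.
 * *syn_only is set to 1 when the reply is a bare SYN without ACK. */
enum port_state classify_syn_reply(const uint8_t *hdr, size_t len,
        uint16_t probe_sport, uint16_t probe_dport, int *syn_only)
{
    *syn_only = 0;
    if (hdr == NULL) return STATE_FILTERED;
    if (len < 20) return STATE_UNKNOWN;              /* truncated header */
    size_t doff = (size_t)(hdr[12] >> 4) * 4;        /* header length in bytes */
    if (doff < 20 || doff > len) return STATE_UNKNOWN;
    uint16_t sport = (uint16_t)((hdr[0] << 8) | hdr[1]);
    uint16_t dport = (uint16_t)((hdr[2] << 8) | hdr[3]);
    if (sport != probe_dport || dport != probe_sport)
        return STATE_UNKNOWN;                        /* not a reply to this probe */
    if (hdr[13] & FLAG_RST) return STATE_CLOSED;
    if (hdr[13] & FLAG_SYN) {                        /* SYN/ACK or bare SYN */
        *syn_only = !(hdr[13] & FLAG_ACK);
        return STATE_OPEN;
    }
    return STATE_UNKNOWN;
}

/* Build a minimal 20-byte TCP header (constructed sample input). */
void make_tcp_header(uint8_t out[20], uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(out, 0, 20);
    out[0] = (uint8_t)(sport >> 8); out[1] = (uint8_t)(sport & 0xff);
    out[2] = (uint8_t)(dport >> 8); out[3] = (uint8_t)(dport & 0xff);
    out[12] = 5 << 4;                                /* data offset: 5 words */
    out[13] = flags;
}

int main(void)
{
    uint8_t h[20]; int syn_only;
    make_tcp_header(h, 80, 40000, FLAG_SYN);         /* bare SYN from port 80 */
    enum port_state s = classify_syn_reply(h, sizeof h, 40000, 80, &syn_only);
    printf("state=%d syn_only=%d\n", (int)s, syn_only);
    return 0;
}
```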

