Nmap Development mailing list archives
Re: TCP Split Handshake and Nmap
From: jah <jah () zadkiel plus com>
Date: Tue, 08 Jun 2010 02:58:56 +0100
On 08/06/2010 01:49, Fyodor wrote:
Please apply your patch. I have just updated the man page to reflect this change by adding: The port is also considered open if a SYN packet (without the ACK flag) is received in response. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection (see <ulink url="http://nmap.org/misc/split-handshake.pdf"/>).
Thank you. Done in r17897. It would be interesting to hear if anyone comes across a target that exhibits this behaviour. I'd put money on Brandon finding some. Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- TCP Split Handshake and Nmap jah (Jun 02)
- what is ER_INITACK? jah (Jun 02)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 03)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 03)
- Re: TCP Split Handshake and Nmap jah (Jun 04)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 07)
- Re: TCP Split Handshake and Nmap jah (Jun 07)
- Re: TCP Split Handshake and Nmap David Fifield (Jun 08)
- Re: TCP Split Handshake and Nmap jah (Jun 08)
- Re: TCP Split Handshake and Nmap David Fifield (Jun 08)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 10)