Nmap Development mailing list archives
Scan stuck on single destination port
From: Mark Lewis <marklewis1979 () gmail com>
Date: Sun, 21 Aug 2011 17:17:47 -0400
Hello,

I've got a situation where NMAP is repeatedly sending a SYN packet to the same destination host with the same destination port. The command I ran is:

    nmap -v -n -ddd -PN -sS -p- --min-hostgroup 16 --max-retries 1 --min-rtt-timeout 50ms --max-rtt-timeout 300ms --initial-rtt-timeout 250ms --max-scan-delay 10ms xx.xx.xx.xx/28

TcpDump shows the following interaction that has been going on for hours now and never progresses beyond port 257 of the 10.10.10.70 target host:

    17:00:38.814303 IP 192.168.1.4.59840 > 10.10.10.70.257: Flags [S], seq 1349548480, win 3072, options [mss 1460], length 0
    17:00:38.824305 IP 10.10.10.70 > 192.168.1.4: ICMP host 10.10.10.70 unreachable, length 36

Does anyone know why it would hang on this port rather than giving up on it (--max-retries 1)? The target sits behind a firewall in a DMZ, but so do the rest of the hosts and none of them are having similar issues.

Do I have any options to get around this besides specifying a host timeout? I really have no idea how long the scans will take, and I've already burned myself with setting the timeout too low (8 hours was apparently not enough). I'd also prefer to avoid the situation where one of these guys shows up in every scan and I have to wait 20 hours per /28 block!

Thanks,
-Mark