Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sniffing: all 1000 ports filtered but tracert detects the device...why?

From: Dagobert Michelsen <dam () opencsw org>
Date: Sun, 15 Jan 2012 19:55:47 +0100
Hi Shea,

Am 14.01.2012 um 01:42 schrieb SheaO:

Hi this might be a stupid question, im a bit of a newbie here, but maybe
someone can clarify it for me.

Im doing some portscanning with nmap on a IP-address, and get the result
that all ports are closed (even tried using nmap -PN xxx.xxx.xxx.xxx). When
I run a traceroute to a server on the same network, the router
(xxx.xxx.xxx.xxx) with 1000 filtered ports, shows up! How can it be a part
of the network if it's ports are all closed? 
Any suggestions? Clarification?


Traceroute uses ICMP (part of the IP protocol) and is based on setting the
TTL of an IP packet and does not rely on open TCP ports. An excellent
description is in Stevens, TCP/IP illustrated:
  http://www.kohala.com/start/tcpipiv1.html


Best regards

  -- Dago

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: