Nmap Development mailing list archives
Re: Destination ports in protocol scan
From: David Fifield <david () bamsoftware com>
Date: Sun, 2 Sep 2012 15:48:23 -0700
On Tue, Aug 28, 2012 at 09:07:41PM +0200, Luis MartinGarcia. wrote:
> On 08/28/2012 03:06 PM, David Fifield wrote:
>> Currently, destination ports are set to o.magic_port during protocol scan. o.magic_port is set by the -g or --source-port options--so it is actually meant to be a source port and not a destination port. o.magic_port is used as a source port throughout scan_engine.cc, including during protocol scan. What this means is that when -g is used, protocol probes have the same source and destination ports. Is there a reason for this? Wouldn't we be better off using random destination ports, or specific ports chosen to be likely to produce a response?
>
> I totally agree. In my opinion, there is no point in choosing some random destination port number that is likely to be filtered by middleboxes on the path. According to your "EffectivenessOfPingProbes" doc, the most common open port is 80, so I think it would make sense to use that.

I did this in r29714.

David Fifield