Nmap Development mailing list archives
PROBE_NMAP_TCP_PING
From: Kahleong Fong <kahleong_fong () yahoo com sg>
Date: Wed, 9 Jul 2003 12:35:26 -0700
[ Redirected from nmap-hackers to nmap-dev -Fyodor ]

Hi all,

I need to know about the above, IDS28. Does nmap allow the ipid sequence to be set to some specific values? I am seeing ipid values of 666 in my snort log for this IDS28. I do not see any flags in nmap that allow us to do so.

I noted an ack flag with src port of 80 and destination port 80. I can only simulate this with nmap using -sA -PT -n -g80. However, this will scan all tcp ports on the target, which is not the case observed here.

What is the difference between -PT and -sA? Both seem to do the same according to the man page; however, when I used only -PT, the 1st pkt has the ack flag set while the second pkt onwards all default to the syn flag. I can use -sA to do an ack scan of src port 80. However, -sA and -PT will send a lot of sequences of pkts probing all the ports, which is not what is being observed here. Only one ack pkt was sent.

Any ideas as to what tools he might be using or what options he set with nmap?

Please advise. Thanks very much in advance.