PROBE_NMAP_TCP_PING

[Kahleong Fong <kahleong_fong () yahoo com sg>]

[ Redirected from nmap-hackers to nmap-dev -Fyodor ]

Hi all,

I need to know to the above, IDS28. Does nmap allowed
ipid sequence to be set to some specific values? I am
seeing a 666 ipid values in my snort log for this
IDS28. I do not see any flags in nmap that can allow
us to do so.  I noted a ack flag with src port of 80
and destination port 80. I can only simulate with nmap
using -sA -PT -n -g80.  However this will scan all tcp
ports on the target which is not observed the case
here.

What is the difference between -PT and -sA ? Both seem
to do the same according to the man page, however when
I used with only -PT, the 1st pkt is of ack flag set
while the second pkt onwards are all default to syn
flag. I can use -sA to do an ack scan of src port 80.

However these -sA and -PT will send alot of sequences
of pkt probing all the ports which is not what is
being observed here. Only one ack pkt was sent. 

Any ideas to what tools he might be using or what
option he set with nmap?


please advise
thanks very much inadvance.





__________________________________________________
Do You Yahoo!?
Send free SMS from your PC!
http://sg.sms.yahoo.com



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).