Nmap Development mailing list archives

Re: NMAP : Different interpretation of "filtered" ports depending on -sS or -sT options. Bug ?


From: Sébastien CONTRERAS <contrera () EIG UNIGE CH>
Date: Fri, 07 Jan 2005 14:55:07 +0100

Which nmap version do you use? Which OS?

NMAP v3.75 for Windows. OS = Windows XP (tested with SP1 and SP2)

I have just done the test with a Linux Fedora Core 2 box running NMAP v3.50, and the output of NMAP is right (the port appears as closed independently of the -sS or -sT option).
Has someone done the test on a Linux box running v3.75?

I also noticed that when I'm using the -sT option, NMAP displays the results only 10 seconds after the last packet corresponding to the scan has been received (no filters are set in my Ethereal :) ).
This delay of 10 seconds is certainly a symptom of the problem.

Could you run the scans with --packet_trace -vvv -dd ?
1/
C:\Program Files\nmap-3.75>nmap -sS -p 135-136 10.1.1.2 --packet_trace -vvv -dd

Starting nmap 3.75 ( http://www.insecure.org/nmap ) at 2005-01-07 14:45 W. Europe Standard Time
SENT (0.0700s) ICMP 10.1.2.15 > 10.1.1.2 Echo request (type=8/code=0) ttl=39 id=14376 iplen=28
SENT (0.0700s) TCP 10.1.2.15:52513 > 10.1.1.2:80 A ttl=41 id=40004 iplen=40 seq=193398686 win=2048 ack=981927838
RCVD (0.0700s) TCP 10.1.1.2:80 > 10.1.2.15:52513 R ttl=128 id=30865 iplen=40 seq=981927838 win=0
SENT (0.1700s) TCP 10.1.2.15:52490 > 10.1.1.2:136 S ttl=56 id=57714 iplen=40 seq=1309044949 win=1024
SENT (0.1800s) TCP 10.1.2.15:52490 > 10.1.1.2:135 S ttl=52 id=23826 iplen=40 seq=1309044949 win=1024
RCVD (0.1800s) TCP 10.1.1.2:136 > 10.1.2.15:52490 RA ttl=128 id=30866 iplen=40 seq=0 win=0 ack=1309044950
RCVD (0.1800s) TCP 10.1.1.2:135 > 10.1.2.15:52490 SA ttl=128 id=30867 iplen=44 seq=944253991 win=-1 ack=1309044950
PORT    STATE  SERVICE
135/tcp open   msrpc
136/tcp closed profile


2/
C:\Program Files\nmap-3.75>nmap -sT -p 135-136 192.168.254.10 --packet_trace -vvv -dd

Starting nmap 3.75 ( http://www.insecure.org/nmap ) at 2005-01-07 14:36 W. Europe Standard Time
SENT (0.0500s) ICMP 192.168.254.2 > 192.168.254.10 Echo request (type=8/code=0) ttl=55 id=22419 iplen=28
SENT (0.0500s) TCP 192.168.254.2:38842 > 192.168.254.10:80 A ttl=53 id=28263 iplen=40 seq=2870256350 win=2048 ack=1708434142
RCVD (0.0500s) ICMP 192.168.254.10 > 192.168.254.2 Echo reply (type=0/code=0) ttl=128 id=30556 iplen=28
CONN (0.1500s) TCP localhost > 192.168.254.10:136 => Unknown error
CONN (0.1600s) TCP localhost > 192.168.254.10:135 => Unknown error
CONN (1.2610s) TCP localhost > 192.168.254.10:136 => Unknown error
135/tcp open     msrpc
136/tcp filtered profile

Hope it helps..
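
The difference between the two runs above comes down to how a connect scan turns the result of each connect() call into a port state: a SYN scan sees the RST itself, while -sT only sees the error code the socket layer hands back. The following is an added illustration, not part of Sébastien's post and not nmap's own code: a minimal connect() scanner that classifies a port as open (handshake completed), closed (connection refused, i.e. a RST came back) or filtered (no answer or an ICMP unreachable). It assumes the POSIX errno names from Python's errno module and the four Winsock codes listed in the block (WSAECONNREFUSED 10061, WSAETIMEDOUT 10060, WSAEHOSTUNREACH 10065, WSAENETUNREACH 10051), which a Windows socket layer returns instead of the POSIX values. An error code the classifier does not recognise cannot be proven closed, so the example reports it as filtered with the raw number; that conservative choice is this example's, not a statement about what nmap does. The demo targets 127.0.0.1 with a listener and a free port it opens itself, so it runs offline.

```python
"""Minimal TCP connect() scanner that labels ports the way a connect scan
(nmap -sT style) must: from the outcome of connect(), not from raw packets.
Example code written for this page; not nmap's implementation."""
import errno
import os
import socket

# Winsock error codes (constants assumed here for portability of the
# classifier; a Windows socket layer reports these instead of POSIX errnos).
WSAENETUNREACH = 10051
WSAETIMEDOUT = 10060
WSAECONNREFUSED = 10061
WSAEHOSTUNREACH = 10065

# connect() was actively refused: a RST came back, so the port is closed.
CLOSED_ERRNOS = {errno.ECONNREFUSED, WSAECONNREFUSED}
# No SYN/ACK and no RST, or an ICMP unreachable: something dropped the probe.
FILTERED_ERRNOS = {
    errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH,
    WSAETIMEDOUT, WSAEHOSTUNREACH, WSAENETUNREACH,
}


def classify(err):
    """Map a connect() result code (0 or an errno/Winsock value) to a state.

    Returns (state, reason). An unrecognised code cannot be proven closed,
    so it is reported as filtered together with the raw number (this example's
    conservative choice).
    """
    if err == 0:
        return "open", "connection established"
    if err in CLOSED_ERRNOS:
        return "closed", "connection refused (RST received)"
    if err in FILTERED_ERRNOS:
        return "filtered", "no response or unreachable (%s)" % os.strerror(err)
    return "filtered", "unknown error %d" % err


def probe(host, port, timeout=2.0):
    """connect() to host:port and return 0 on success or the error code."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return 0
    except socket.timeout:
        # No SYN/ACK and no RST within the timeout: nothing answered.
        return errno.ETIMEDOUT
    except OSError as exc:
        return exc.errno if exc.errno is not None else -1
    finally:
        sock.close()


def connect_scan(host, ports, timeout=2.0):
    """Scan the given ports; returns {port: (state, reason)}."""
    return {port: classify(probe(host, port, timeout)) for port in ports}


def start_listener():
    """Open a listening socket on an ephemeral loopback port (the 'open' case)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    return listener, listener.getsockname()[1]


def free_port():
    """Reserve and release a loopback port so a connect() to it is refused."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    port = sock.getsockname()[1]
    sock.close()
    return port


if __name__ == "__main__":
    listener, open_port = start_listener()
    closed_port = free_port()
    for port, (state, reason) in sorted(
            connect_scan("127.0.0.1", [open_port, closed_port]).items()):
        print("%d/tcp %-8s  %s" % (port, state, reason))
    listener.close()
```

A real scanner on a remote target also has to decide how long to wait before calling a port filtered; the 10 second pause noted above is the kind of delay that comes out of that timeout, and the code keeps it as an explicit parameter so it is visible rather than buried in the socket defaults.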

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org


