Nmap Development mailing list archives
RE: nmap on GPRS connection & problem
From: "Jeff Gercken" <JeffG () kizan com>
Date: Tue, 2 Aug 2005 10:27:25 -0400
Are mixed TTLs really that unusual? Most networks have multiple paths and, although it's common to statefully load balance, some are likely doing it per packet. I wouldn't make the assumption of a proxy w/o more definitive evidence.

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Nils Magnus
Sent: Monday, August 01, 2005 6:38 PM
To: zaka rias
Cc: nmap-dev () insecure org
Subject: Re: nmap on GPRS connection & problem

Re,

On Mon, Aug 01, 2005 at 10:27:41PM +0100, zaka rias wrote:
Well, I'm just a home user and I have a LAN with 3 PCs. Gateway using XP SP2 and 2 clients using Redhat Fedora (kernel 2.4.20-8).

as:

nmap -vvv -sT -sV -T1 -p 80,443 -oN logMS4 -P0 www.microsoft.com
Interesting ports on 207.46.18.30:
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.0.50 ((Fedora))

Do you know why? (I'm using GPRS to connect to the net; maybe this kind of connection blocks nmap? Or maybe because my gateway is using XP SP2?)
I'd assume that your GPRS service provider uses some kind of transparent proxy to handle web requests on 80/tcp. I'd recommend using tcpdump/tethereal in parallel to the scan of 80 and 443 and looking closely at the TTL values. If the TTL values of returning packets differ depending on the port, the port with the higher TTL is closer and thus most probably handled by a proxy (things like policy based routing etc. not taken into account).

General thought: It might be handy to have this information available directly in the nmap output, or at least give a warning if the values differ for different ports:

Interesting ports on 207.46.18.30:
PORT    STATE SERVICE TTL VERSION
25/tcp  open  smtp    53  sendmail 8.1.2
80/tcp  open  http    61  Apache httpd 2.0.50 ((Fedora))
443/tcp open  https   53  whatever
...
Warning: Returning packets have different TTL values and are possibly port-forwarded or transparently proxied.

[...]

Just an idea,

Regards,

Nils Magnus
Program-Chair LinuxTag 2005 Free Conference Program

LinuxTag 2005: Where .com meets .org - magnus () linuxtag org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
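
The per-port TTL comparison suggested in the quoted message, with the per-packet load-balancing caveat from the reply built in, as an added example that is not part of the original thread or of nmap. It assumes capture text in `tcpdump -nn -v` style; the client address 192.168.0.2, the sample packets and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

TARGET = "207.46.18.30"  # scanned address from the thread

def fake_packet(sport, ttl):
    """Build one constructed reply in `tcpdump -nn -v` style (not real traffic)."""
    return (f"10:00:00.000000 IP (tos 0x0, ttl {ttl}, id 0, offset 0, "
            f"flags [DF], proto TCP (6), length 60)\n"
            f"    {TARGET}.{sport} > 192.168.0.2.40000: Flags [S.], length 0\n")

# Constructed capture using the TTLs from the proposed output: 80 -> 61, 443 -> 53.
SAMPLE = "".join(fake_packet(p, t) for p, t in [(80, 61), (443, 53), (80, 61), (443, 53)])

# The IP header line carries the TTL; the indented line below it has the addresses.
PKT = re.compile(r"ttl (?P<ttl>\d+),.*?proto TCP.*?\n\s+"
                 r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > ")

def ttls_by_port(capture, target=TARGET):
    """Map each source port of `target` to the set of TTLs seen on its replies."""
    seen = defaultdict(set)
    for m in PKT.finditer(capture):
        if m["src"] == target:          # ignore our own outgoing packets
            seen[int(m["sport"])].add(int(m["ttl"]))
    return dict(seen)

def assess(per_port):
    """Return (verdict, detail) for the per-port TTL sets."""
    # TTL changing within one port points at multiple paths, so a
    # port-to-port comparison would say nothing about a proxy.
    unstable = {p: sorted(t) for p, t in per_port.items() if len(t) > 1}
    if unstable:
        return "inconclusive", unstable
    ttl = {p: next(iter(t)) for p, t in per_port.items()}
    if len(set(ttl.values())) <= 1:
        return "consistent", {}
    # Stable per port but different between ports: report the ports whose
    # replies crossed fewer hops than the lowest-TTL port.
    lowest = min(ttl.values())
    return "differs", {p: v for p, v in ttl.items() if v > lowest}

if __name__ == "__main__":
    print(assess(ttls_by_port(SAMPLE)))
```

A "differs" verdict is only a hint that the listed ports are answered closer to the scanner; as the quoted message says, policy based routing is not taken into account.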
Current thread:
- nmap on GPRS connection & problem zaka rias (Aug 01)
- Re: nmap on GPRS connection & problem Nils Magnus (Aug 01)
- Re: nmap on GPRS connection & problem Martin Mačok (Aug 01)
- <Possible follow-ups>
- RE: nmap on GPRS connection & problem Jeff Gercken (Aug 02)