Nmap Development mailing list archives

Re: Possible WinPcap problems


From: AgentSmith15 <agentsmith15 () gmail com>
Date: Wed, 3 May 2006 00:05:26 -0500

Sorry for taking so long to reply. Here is the output that you requested...

Starting Nmap 4.03 ( http://www.insecure.org/nmap ) at 2006-05-03
00:02 Central Daylight Time
SENT (0.3280s) ICMP 192.168.1.101 > 205.217.153.62 Echo request
(type=8/code=0) ttl=57 id=8188 iplen=28
SENT (0.3280s) TCP 192.168.1.101:45897 > 205.217.153.62:80 A ttl=51
id=48940 iplen=40 seq=2488350238 win=4096 ack=961623582
RCVD (0.4850s) ICMP 205.217.153.62 > 192.168.1.101 Echo reply
(type=0/code=0) ttl=48 id=26573 iplen=28
NSOCK (1.1250s) UDP connection requested to 24.93.41.126:53 (IOD #1) EID 8
NSOCK (1.1250s) Read request from IOD #1 [24.93.41.126:53] (timeout:
-1ms) EID 18
NSOCK (1.1250s) UDP connection requested to 24.93.41.125:53 (IOD #2) EID 24
NSOCK (1.1250s) Read request from IOD #2 [24.93.41.125:53] (timeout:
-1ms) EID 34
NSOCK (1.1250s) Write request for 45 bytes to IOD #1 EID 43
[24.93.41.126:53]: .............62.153.217.205.in-addr.arpa.....
NSOCK (1.1250s) nsock_loop() started (timeout=500ms). 5 events pending
NSOCK (1.1250s) Callback: CONNECT SUCCESS for EID 24 [24.93.41.125:53]
NSOCK (1.1250s) Callback: CONNECT SUCCESS for EID 8 [24.93.41.126:53]
NSOCK (1.1250s) Callback: WRITE SUCCESS for EID 43 [24.93.41.126:53]
NSOCK (1.3440s) Callback: READ SUCCESS for EID 18 [24.93.41.126:53] (169 bytes)
NSOCK (1.3440s) Read request from IOD #1 [24.93.41.126:53] (timeout:
-1ms) EID 50
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:20 S ttl=56
id=51255 iplen=44 seq=514535874 win=1024
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:21 S ttl=58
id=38401 iplen=44 seq=514535874 win=3072
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:22 S ttl=41
id=6430 iplen=44 seq=514535874 win=2048
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:23 S ttl=45
id=39980 iplen=44 seq=514535874 win=2048
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:24 S ttl=38
id=8310 iplen=44 seq=514535874 win=3072
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:25 S ttl=43
id=20778 iplen=44 seq=514535874 win=4096
SENT (1.5000s) TCP 192.168.1.101:45873 > 205.217.153.62:26 S ttl=57
id=47208 iplen=44 seq=514535874 win=2048
RCVD (1.6100s) TCP 205.217.153.62:22 > 192.168.1.101:45873 SA ttl=48
id=0 iplen=44 seq=179519058 win=5840 ack=514535875
RCVD (1.6100s) TCP 205.217.153.62:25 > 192.168.1.101:45873 RA ttl=48
id=0 iplen=40 seq=0 win=0 ack=514535875
SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:26 S ttl=57
id=12650 iplen=44 seq=514470339 win=2048
SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:24 S ttl=38
id=41054 iplen=44 seq=514470339 win=3072
SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:23 S ttl=57
id=57426 iplen=44 seq=514470339 win=2048
SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:21 S ttl=42
id=64562 iplen=44 seq=514470339 win=3072
SENT (3.0940s) TCP 192.168.1.101:45874 > 205.217.153.62:20 S ttl=50
id=41532 iplen=44 seq=514470339 win=3072
NSOCK (3.7660s) TCP connection requested to 205.217.153.62:22 (IOD #1) EID 8
NSOCK (3.7660s) nsock_loop() started (no timeout). 1 events pending
NSOCK (3.9530s) Callback: CONNECT SUCCESS for EID 8 [205.217.153.62:22]
NSOCK (3.9530s) Read request from IOD #1 [205.217.153.62:22] (timeout:
6000ms) EID 18
NSOCK (4.0160s) Callback: READ SUCCESS for EID 18 [205.217.153.62:22]
(20 bytes): SSH-2.0-OpenSSH_4.3.
Interesting ports on scanme.nmap.org (205.217.153.62):
PORT   STATE    SERVICE   VERSION
20/tcp filtered ftp-data
21/tcp filtered ftp
22/tcp open     ssh       OpenSSH 4.3 (protocol 2.0)
23/tcp filtered telnet
24/tcp filtered priv-mail
25/tcp closed   smtp
26/tcp filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 4.032 seconds


On 5/2/06, Fyodor <fyodor () insecure org> wrote:
Maybe you have some sort of bizarre transparent proxy sending back
syn/ack to every port.  This is probably not a WinPcap problem.  Would
you send us (nmap-dev) the output of the following command?

nmap -p20-26 -sV -r --packet-trace scanme.nmap.org

Cheers,
Fyodor




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
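
Added example, not part of the original messages or of Nmap itself: a small Python check that reads `--packet-trace` output like the trace above and reports, per SYN-probed port, whether a SYN/ACK, a RST or nothing came back, so the "syn/ack to every port" hypothesis can be tested directly. The sample trace is constructed (documentation addresses), and the function names are hypothetical.

```python
import re

# Constructed sample in the --packet-trace format shown above (documentation
# addresses, not values from the thread). The last record is wrapped across
# two lines, the way a mail client wraps long trace lines.
SAMPLE_TRACE = """\
SENT (1.5000s) TCP 192.0.2.10:45873 > 198.51.100.7:20 S ttl=56 id=51255 iplen=44 seq=514535874 win=1024
SENT (1.5000s) TCP 192.0.2.10:45873 > 198.51.100.7:22 S ttl=41 id=6430 iplen=44 seq=514535874 win=2048
SENT (1.5000s) TCP 192.0.2.10:45873 > 198.51.100.7:25 S ttl=43 id=20778 iplen=44 seq=514535874 win=4096
RCVD (1.6100s) TCP 198.51.100.7:22 > 192.0.2.10:45873 SA ttl=48 id=0 iplen=44 seq=179519058 win=5840 ack=514535875
RCVD (1.6100s) TCP 198.51.100.7:25 > 192.0.2.10:45873 RA ttl=48
id=0 iplen=40 seq=0 win=0 ack=514535875
"""

# Direction, source addr:port, destination addr:port, TCP flag letters.
TCP_LINE = re.compile(
    r"^(SENT|RCVD) \([\d.]+s\) TCP (\S+):(\d+) > (\S+):(\d+) ([A-Z]+)\b")

def unwrap(text):
    """Rejoin wrapped records: a new record starts with an uppercase tag and '('."""
    records = []
    for line in text.splitlines():
        if re.match(r"^[A-Z]+ \(", line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def classify_ports(text):
    """Map each SYN-probed port to 'synack', 'rst' or 'no-reply'."""
    state = {}
    for rec in unwrap(text):
        m = TCP_LINE.match(rec)
        if not m:
            continue  # ICMP, NSOCK and report lines are ignored
        direction, _, sport, _, dport, flags = m.groups()
        if direction == "SENT" and flags == "S":
            state.setdefault(int(dport), "no-reply")
        elif direction == "RCVD" and int(sport) in state:
            if "S" in flags and "A" in flags:
                state[int(sport)] = "synack"
            elif "R" in flags:
                state[int(sport)] = "rst"
    return state

def every_port_synack(state):
    """True only when every probed port answered with SYN/ACK."""
    return bool(state) and all(v == "synack" for v in state.values())
```

A mix of results across ports, as in the trace posted above, argues against a device answering SYN/ACK on every port.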

