Nmap Development mailing list archives
Re: SoC: port state reasons
From: "Eddie Bell" <ejlbell () gmail com>
Date: Sat, 10 Jun 2006 20:37:50 +0200
On 10/06/06, Martin Mačok <martin.macok () underground cz> wrote:
On Fri, Jun 09, 2006 at 03:14:14PM -0700, Fyodor wrote:Also one last question, I am severely limited on what reasons I can get from a connect scan.You should be able to distinguish the RST, SYN/ACK, and no-response cases. You may not be able to distinguish between some of the different ICMP errors so you may have to add an extra reason code for those icmp errors you cannot distinguish.With Connect scan you can't even distinguish between RST and some ICMP Port Unreachable, see http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.95-CONNECT-closedfiltered.patch
I am having problems with the connect scan, at least on linux. The only data I can determine is connection accepted, connection refused and no response. The code has the ability to recognise other states, such as icmp errors, but it is down the the connect() implementation to return the correct data.
A reason for the host status (e.g. why was the host considered "up" or "down") should be created too. That would presumably use the same set of codes (though you'd have to add one for ARP). It should support the "from" and "ttl" fields where relevant.It would be good to not limit it to just those two fields ... IP ID, MSS, Timestamp or something else could be interesting too.
What about
using p0f for RST packet fingerprinting?
I think including other fields in the xml would be useful but it would make the normal output too cluttered. if other fields were included then passive OS fingerprinting could be done with scripting and a nmap xml log file. Perhaps it could be implemented with the up and coming nmap scripting language :) Martin Mačok
ICT Security Consultant _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
- eddie _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- SoC: port state reasons Eddie Bell (Jun 07)
- Re: SoC: port state reasons Arturo 'Buanzo' Busleiman (Jun 07)
- Re: SoC: port state reasons Fyodor (Jun 09)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Martin Mačok (Jun 10)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)
- Re: SoC: port state reasons Eddie Bell (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)
- Re: SoC: port state reasons Fyodor (Jun 10)