Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP SYN scan with FIN

From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 14 Dec 2006 08:38:18 -0600
Jan Engelhardt wrote:

Hi,


the nmap -sS scan type sends SYN, gets SYN-ACK and sends RST.
What would probably happen if a FIN was sent instead of RST?


      -`J'


It wouldn't because the kernel sends the RST because of the unsolicited
SYN/ACK (because it doesn't see the SYN we send as an attempt to connect
like through connect()). But if it did it would be just like sending a
FIN packet like in a FIN scan. It wouldn't close the "connection".

-Kris

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: