Nmap Development mailing list archives
Results when scanning 127/8 as root
From: iroquoi () gmail com
Date: Sat, 30 Aug 2008 20:43:40 +1000
Hi,

I noticed the following (abbreviated) results, using nmap as root:

fw:~# nmap 127.0.0.1 -p 23
23/tcp closed telnet
Nmap done: 1 IP address (1 host up) scanned in 0.056 seconds

fw:~# nmap 127.50.50.1 -p 23
23/tcp filtered telnet
Nmap done: 1 IP address (1 host up) scanned in 2.330 seconds

Note the delay, and the filtered vs. closed result.

Here is the abbreviated exchange in wireshark for the second command:

127.0.0.1 -> 127.50.50.1 TCP 56477 > telnet [SYN]
127.50.50.1 -> 127.50.50.1 TCP telnet > 56477 [RST, ACK]
127.0.0.1 -> 127.50.50.1 TCP 56478 > telnet [SYN]
127.50.50.1 -> 127.50.50.1 TCP telnet > 56478 [RST, ACK]

It also shows [TCP CHECKSUM INCORRECT] on each response.

I'm wondering why the response is to 127.50.50.1, rather than 127.0.0.1. Presumably this is the cause of the delay, and is the reason why nmap shows port 23 as filtered, rather than closed.

Would appreciate any insight.

Cheers.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org