making nmap video tutorial

[maillist <maillist () securityoveride com>]

Im making a video tutorial on nmap for my website and had a couple of
questions. In the proses of making the video i scanned my own host
securityoveride.com

nmap securityoveride.com

PORT     STATE    SERVICE
25/tcp   open     smtp
1723/tcp clesed   pptp

I thought this was werred because port 80 the web server did not show as
open?

So i scanned again only this time i specified port 80
nmap securityoveride.com -p80

port    state     service
80/tcp   filtered  http

So i did a -sV on port 80
nmap -sV securityoveride.com -p80

port    state    servce   version
80/tcp   open     http     Apache blah blah blah blah

If I do a normal TCP SYN to
that port, I get a SYN/ACK back:
nmap -sP -PS80 --packet-trace securityoveride.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:24 PST
SENT (0.0770s) TCP 192.168.0.100:35940 > 67.8.97.168:80 S ttl=56 id=6929
iplen=44  seq=1710713162 win=1024 <mss 1460>
RCVD (0.1900s) TCP 67.8.97.168:80 > 192.168.0.100:35940 SA ttl=53 id=0
iplen=44  seq=1848604725 win=5840 ack=1710713163 <mss 1452>

But when an ICMP echo is sent at the same time, I get a RST back
instead:

nmap -sP --packet-trace securityoveride.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:25 PST
SENT (0.0930s) TCP 192.168.0.100:55576 > 67.8.97.168:80 A ttl=56
id=11940 iplen=40  seq=1525747904 win=1024 ack=440183681 
SENT (0.0930s) ICMP 192.168.0.100 > 67.8.97.168 echo request
(type=8/code=0) ttl=42 id=58077 iplen=28 
RCVD (0.2070s) TCP 67.8.97.168:80 > 192.168.0.100:55576 R ttl=53 id=0
iplen=40  seq=440183681 win=

I was wondering is someone could explain this ?


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org