Nmap Development mailing list archives

Sorry more questions on nmap operations


From: maillist <maillist () securityoveride com>
Date: Sun, 11 Jan 2009 12:20:58 -0500

In continuing to understand nmap for this video tutorial I'm making, I
came up with some more questions.

1) When doing a scan of a specified port like 25 of my host
securityoveride.com

nmap securityoveride.com -p25

nmap sends a DNS
DNS response received
nmap sends a TCP [ACK] to port 80 on securityoveride.com
nmap ping request
ping reply
nmap DNS query
DNS response
nmap [SYN] to port 25
[SYN,ACK] received
nmap [RST] to port 25

My question is: what is the nmap [ACK] to port 80 for?

2) When doing an nmap -sV securityoveride.com -p25
nmap sends a DNS
DNS response received
nmap sends a TCP [ACK] to port 80 on securityoveride.com
nmap ping request
ping reply
nmap DNS query
DNS response
nmap [SYN] to port 25
[SYN,ACK] received
nmap [RST] to port 25
nmap [SYN] to port 25
[SYN,ACK] received
nmap [ACK] to port 25
response postfix blah blah blah
nmap [ACK] to port 25
nmap [FIN,ACK]
[FIN,ACK] received
nmap [ACK] 

My question here is: why does nmap send a request [SYN], then a [RST], then
make another request [SYN] for the connection? Why doesn't nmap make the
connection right away?



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
