Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sniffing: all 1000 ports filtered but tracert detects the device...why?

From: SheaO <shea () pobox sk>
Date: Sun, 15 Jan 2012 11:10:21 -0800 (PST)

Great thanks for info I thought traceroute used same method as ping..I will
read that link, thanks a lot man!
 

Dagobert Michelsen-3 wrote:


Hi Shea,

Am 14.01.2012 um 01:42 schrieb SheaO:

Hi this might be a stupid question, im a bit of a newbie here, but maybe
someone can clarify it for me.

Im doing some portscanning with nmap on a IP-address, and get the result
that all ports are closed (even tried using nmap -PN xxx.xxx.xxx.xxx).
When
I run a traceroute to a server on the same network, the router
(xxx.xxx.xxx.xxx) with 1000 filtered ports, shows up! How can it be a
part
of the network if it's ports are all closed? 
Any suggestions? Clarification?


Traceroute uses ICMP (part of the IP protocol) and is based on setting the
TTL of an IP packet and does not rely on open TCP ports. An excellent
description is in Stevens, TCP/IP illustrated:
  http://www.kohala.com/start/tcpipiv1.html


Best regards

  -- Dago

-- 
"You don't become great by trying to be great, you become great by wanting
to do something,
and then doing it so hard that you become great in the process." - xkcd
#896

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




-- 
View this message in context: 
http://old.nabble.com/Portscan%3A-all-1000-ports-filtered-but-tracert-detects-the-device...why--tp33137777p33144021.html
Sent from the Nmap - Dev mailing list archive at Nabble.com.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: