Nmap Development mailing list archives

Re: Destination ports in protocol scan


From: David Fifield <david () bamsoftware com>
Date: Sun, 2 Sep 2012 15:48:23 -0700

On Tue, Aug 28, 2012 at 09:07:41PM +0200, Luis MartinGarcia. wrote:
> On 08/28/2012 03:06 PM, David Fifield wrote:
> > Currently, destination ports are set to o.magic_port during protocol
> > scan. o.magic_port is set by the -g or --source-port options--so it is
> > actually meant to be a source port and not a destination port.
> >
> > o.magic_port is used as a source port throughout scan_engine.cc,
> > including during protocol scan. What this means is that when -g is used,
> > protocol probes have the same source and destination ports. Is there a
> > reason for this? Wouldn't we be better off using random destination
> > ports, or specific ports chosen to be likely to produce a response?

> I totally agree. In my opinion, there is no point in choosing some
> random destination port number that is likely to be filtered by
> middleboxes on the path. According to your "EffectivenessOfPingProbes"
> doc, the most common open port is 80, so I think it would make sense to
> use that.

I did this in r29714.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/