Nmap Development mailing list archives

nmap not moving on after getting reset packets


From: Daniel Malament <danielm () bluetiger net>
Date: Tue, 21 Jan 2014 15:22:28 -0500

In the course of trying to do some comprehensive scans at work, I
discovered the following behavior:

nmap on SOURCE:
# nmap -Pn -sS -v -n --scan-delay 20ms -p 1-65535 TARGET

Starting Nmap 6.25 ( http://nmap.org ) at 2014-01-21 15:18 EST
Initiating SYN Stealth Scan at 15:18
Scanning TARGET [65535 ports]
Discovered open port 443/tcp on TARGET
Discovered open port 80/tcp on TARGET
Increasing send delay for TARGET from 20 to 40 due to
max_successful_tryno increase to 4
Increasing send delay for TARGET from 40 to 80 due to 11 out of 16
dropped probes since last increase.
Increasing send delay for TARGET from 80 to 160 due to
max_successful_tryno increase to 5
Increasing send delay for TARGET from 160 to 320 due to 11 out of 29
dropped probes since last increase.
SYN Stealth Scan Timing: About 2.67% done; ETC: 15:37 (0:18:51 remaining)
[ctrl-c]

tcpdump on SOURCE:
13:28:36.188904 IP SOURCE.59292 > TARGET.46181: Flags [S], seq
936512329, win 1024, options [mss 1460], length 0
13:28:36.209829 IP TARGET.46181 > SOURCE.59292: Flags [R.], seq 0, ack
936512330, win 1024, length 0
13:28:36.349905 IP SOURCE.59293 > TARGET.46181: Flags [S], seq
936577864, win 1024, options [mss 1460], length 0
13:28:36.370895 IP TARGET.46181 > SOURCE.59293: Flags [R.], seq 0, ack
936577865, win 1024, length 0
13:28:36.511905 IP SOURCE.59294 > TARGET.46181: Flags [S], seq
936381259, win 1024, options [mss 1460], length 0
13:28:36.537232 IP TARGET.46181 > SOURCE.59294: Flags [R.], seq 0, ack
936381260, win 1024, length 0
13:28:36.673905 IP SOURCE.59295 > TARGET.46181: Flags [S], seq
936446794, win 1024, options [mss 1460], length 0
13:28:36.694258 IP TARGET.46181 > SOURCE.59295: Flags [R.], seq 0, ack
936446795, win 1024, length 0

Is it expected for nmap to continue to scan the same port after
getting a RST, or is something in the network stack eating these
packets between tcpdump and nmap?  This is Nmap 6.25 on FreeBSD 9.2.

PS: Adding --max-rtt-timeout 600ms --max-scan-delay 600ms made no difference.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
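To measure the behaviour the post describes, the following added example (not part of the original message and not Nmap code) parses tcpdump text output and counts SYN probes sent to a port after a RST acknowledging an earlier probe to that port was already captured. The function name `answered_reprobes` is hypothetical; the sample is the first three exchanges from the capture above, re-joined onto single lines, plus one constructed unanswered probe.

```python
import re
from collections import defaultdict

# One tcpdump line per packet (wrapped lines must be re-joined first).
PKT = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\](?:, seq (?P<seq>\d+))?(?:, ack (?P<ack>\d+))?"
)

def answered_reprobes(lines):
    """Return {(target, port): n}: SYNs sent to a port after a RST that
    acknowledged an earlier SYN to the same port appeared in the capture."""
    pending = {}                  # (scanner, sport, target, dport) -> SYN seq
    answered = set()              # (target, dport) with a matching RST seen
    reprobes = defaultdict(int)
    for line in lines:
        m = PKT.match(line.strip())
        if not m:
            continue              # skip anything that is not an IP packet line
        flags = m["flags"]
        if flags == "S":
            port = (m["dst"], int(m["dport"]))
            if port in answered:
                reprobes[port] += 1
            pending[(m["src"], int(m["sport"]), *port)] = int(m["seq"])
        elif "R" in flags and m["ack"]:
            # The RST travels target -> scanner, so swap the endpoints.
            probe = (m["dst"], int(m["dport"]), m["src"], int(m["sport"]))
            seq = pending.get(probe)
            # Only a RST whose ack is probe seq + 1 answers that probe.
            if seq is not None and int(m["ack"]) == (seq + 1) % 2**32:
                answered.add((m["src"], int(m["sport"])))
                del pending[probe]
    return dict(reprobes)

# Capture lines from the post, re-joined; the last line is constructed.
SAMPLE = """\
13:28:36.188904 IP SOURCE.59292 > TARGET.46181: Flags [S], seq 936512329, win 1024, options [mss 1460], length 0
13:28:36.209829 IP TARGET.46181 > SOURCE.59292: Flags [R.], seq 0, ack 936512330, win 1024, length 0
13:28:36.349905 IP SOURCE.59293 > TARGET.46181: Flags [S], seq 936577864, win 1024, options [mss 1460], length 0
13:28:36.370895 IP TARGET.46181 > SOURCE.59293: Flags [R.], seq 0, ack 936577865, win 1024, length 0
13:28:36.511905 IP SOURCE.59294 > TARGET.46181: Flags [S], seq 936381259, win 1024, options [mss 1460], length 0
13:28:36.537232 IP TARGET.46181 > SOURCE.59294: Flags [R.], seq 0, ack 936381260, win 1024, length 0
13:28:36.700000 IP SOURCE.59296 > TARGET.46182: Flags [S], seq 936000000, win 1024, options [mss 1460], length 0
""".splitlines()

if __name__ == "__main__":
    print(answered_reprobes(SAMPLE))
```

A non-zero count for a port means valid RSTs reached the capture point while probes to that port continued, which is the situation the question above asks about.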