Penetration Testing mailing list archives
RE: Nmap/netwag problem.
From: "Paul J Docherty" <PJD () portcullis-security com>
Date: Thu, 11 Aug 2005 16:07:41 +0100
Whilst the points you are making are correct once you have discovered open ports, I think you have raced ahead of the question, which was, I think, "which port scanner is giving the correct results?" As many others have elegantly answered, use a packet sniffer and look at the raw data to see what's going on. You have raced ahead and are bordering on service discovery rather than port status. As we know, there can be any number of filtering devices between the two ends; however, within TCP, which is what we are talking about here, an open port will respond to a syn with a syn/ack.

As for scan methods, I tend to use both syn and full (where time permits); if time is not the key, I prefer to syn scan first, then TCP Connect.

With regard to answering the questions, you could, if you are not happy with the sniffer options, use something like hping2(3) and watch the flags, i.e.

hping2 -n -V -S -p <port no.> IP_address

Paul.

-----Original Message-----
From: Pete Herzog [mailto:lists () isecom org]
Sent: Wednesday, August 10, 2005 8:10 PM
To: Kaj Huisman
Cc: Aleph One; pen-test () securityfocus com; Security-Basics
Subject: Re: Nmap/netwag problem.

Kaj,
> Anyway. a 'full connect' scan (one that performs the complete three-way
> handshake) will _always_ (?) be the most reliable. My suggestion is to
> perform either a nmap connect scan on the ports from both results or to
> manually telnet to the ports and see the response.

The best method for scanning is always to verify responses of a service behind the ports by using the proper protocol. Barring that, verify the types of packets which return, the consistency of their return, delays in return, and the TTLs. But using telnet to visit a non-telnet port is no longer a reliable method.
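The check Paul describes, looking at the raw reply flags from a sniffer or hping2 rather than trusting a scanner's summary, as an added example that is not part of the thread: it parses captured TCP headers and classifies each probed port (syn/ack means open, rst means closed, silence means filtered). The sample capture, the scanner source port 40000 and the helper names are constructed for this example.

```python
import struct
from dataclasses import dataclass

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10

@dataclass
class TcpReply:
    src_port: int   # port on the scanned host that answered
    dst_port: int   # the scanner's own source port
    flags: int

def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Pack a minimal 20-byte TCP header (data offset 5, no options);
    used here only to construct the sample capture below."""
    off_flags = (5 << 12) | (flags & 0x01FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       off_flags, 65535, 0, 0)

def parse_tcp_header(raw: bytes) -> TcpReply:
    """Parse the fixed part of a TCP header (IP header already stripped)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return TcpReply(src, dst, off_flags & 0x01FF)   # low 9 bits are flags

def classify_reply(flags: int) -> str:
    """Port state implied by the flags in the reply to a SYN probe."""
    if flags & TCP_SYN and flags & TCP_ACK:
        return "open"        # SYN/ACK: the host is completing the handshake
    if flags & TCP_RST:
        return "closed"      # RST: host reachable, nothing listening
    return "unexpected"      # anything else deserves a closer look

def port_states(probed_ports, raw_replies):
    """Match captured replies to probed ports; silence means filtered."""
    states = {p: "filtered" for p in probed_ports}
    for raw in raw_replies:
        reply = parse_tcp_header(raw)
        if reply.src_port in states:
            states[reply.src_port] = classify_reply(reply.flags)
    return states

# Constructed sample capture: replies to SYN probes sent from port 40000.
SAMPLE_REPLIES = [
    build_tcp_header(22, 40000, TCP_SYN | TCP_ACK),  # open
    build_tcp_header(23, 40000, TCP_RST | TCP_ACK),  # closed
    # port 80 never answers: probe or reply dropped by a filter
]
SAMPLE_STATES = port_states([22, 23, 80], SAMPLE_REPLIES)
```

When two scanners disagree, feeding the real capture's TCP headers into port_states shows which one matched the wire.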