Nmap Announce mailing list archives
Re: Scanning for ports in use
From: Rasmus Andersson <rasmus.andersson () abc se>
Date: Thu, 25 Feb 1999 12:59:35 +0100
If something is in use, it's the <myaddr>:<port> to <remoteaddr>:<remoteport> that is in use. It's not relevant to just say "the port is in use". So if I have a telnet session open with my source port 1025, and you scan my port 1025, it is not in use! That is, it's not in use to <youraddr>:<yourport>. Think about the scenario where 5 users go through a webproxy and all of them point their browser to the same web server. On the web server we now have five sessions with the same local address and local port (80) and the same remote address (the proxys'), but they differ in remote port. Now a sixth user connects, and by coincidence he has the same source port as one of the proxys' connections. So on the web server we now have yet another connection with the same local address and local port 80, and also the same remote port as another connection, but this time the remote address is different. /Rasmus Juergen Schmidt wrote:
Hello, has anybody ever tried, if there is a way to distinguish between ports currently in use (not listening, but for example as local port for an active telnet session) and unused port numbers. For example, do they react differently to "strange" packets ? bye, ju -- Juergen Schmidt Redakteur/editor c't magazin Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover EMail: ju () ct heise de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
Current thread:
- Scanning for ports in use Juergen Schmidt (Feb 24)
- Re: Scanning for ports in use Rasmus Andersson (Feb 25)