Nmap Development mailing list archives
Re: SYN/FIN scans in nmap?
From: Paul Herman <pherman () frenchfries net>
Date: Tue, 5 Dec 2000 00:18:58 +0100 (CET)
Hi Ryan,

On Mon, 4 Dec 2000, Ryan Permeh wrote:

> this is all well and good, but it's not quite as simple as that. what criteria would you use to define open ports? you would need a much more robust definition of a scan, including not only the outgoing packets, but also pertinent returned packets to define things like port state (open, closed, filtered), and how icmp packets might look for a response, etc. not a bad idea, but if you need a quick tool to do something like this, you could cook one in an hour or two using libnet/pcap.

Indeed. In the meantime :), I did find something that does just that, hping.

As to SYN/FIN: I think that Most Systems (upon receiving a SYN/FIN) reply with a SYN/ACK on an open port, and a RST/ACK on a closed one. Filtered ports seem to either drop the packets or reply with an icmp...

In any case, now that I've found the tool I was looking for, my motivation for delving into the nmap code and coming up with patches has unfortunately receded for the time being. Now just consider me part of the beloved "Idea Brigade" ;-)

-Paul.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
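Added example, not part of the original message and not nmap or hping code: a small C parser that reads the flag byte of a raw TCP header, flags inbound SYN+FIN segments on the sensor side, and maps a reply to the port states described in the message above. The function names, the enum and the three sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits in byte 13 of the TCP header (RFC 793). */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_RST 0x04
#define F_ACK 0x10

enum port_state { PORT_OPEN, PORT_CLOSED, PORT_FILTERED, PORT_UNKNOWN };

/* Constructed sample headers (not real captures): ports 40000 <-> 80. */
static const uint8_t SAMPLE_SYNFIN[20] = {0x9c,0x40,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x03, 0x04,0x00, 0,0, 0,0};
static const uint8_t SAMPLE_SYNACK[20] = {0x00,0x50,0x9c,0x40, 0,0,0,9, 0,0,0,2, 0x50,0x12, 0x04,0x00, 0,0, 0,0};
static const uint8_t SAMPLE_RSTACK[20] = {0x00,0x50,0x9c,0x40, 0,0,0,0, 0,0,0,2, 0x50,0x14, 0x00,0x00, 0,0, 0,0};

/* Return the flag bits of a raw TCP header, or -1 if it is truncated or malformed. */
static int tcp_flags(const uint8_t *tcp, size_t len) {
    if (tcp == NULL || len < 20) return -1;
    if ((tcp[12] >> 4) < 5) return -1;   /* data offset below the 20-byte minimum */
    return tcp[13] & 0x3f;
}

/* Sensor side: SYN and FIN together is not produced by ordinary connection setup. */
static int is_synfin_probe(const uint8_t *tcp, size_t len) {
    int f = tcp_flags(tcp, len);
    return f >= 0 && (f & (F_SYN | F_FIN)) == (F_SYN | F_FIN);
}

/* Reply classification as described in the message; tcp == NULL means no TCP
   reply was seen (packet dropped or an ICMP error came back). */
static enum port_state classify_reply(const uint8_t *tcp, size_t len) {
    int f;
    if (tcp == NULL) return PORT_FILTERED;
    f = tcp_flags(tcp, len);
    if (f < 0) return PORT_UNKNOWN;
    if (f & F_RST) return (f & F_ACK) ? PORT_CLOSED : PORT_UNKNOWN;
    if ((f & (F_SYN | F_ACK)) == (F_SYN | F_ACK)) return PORT_OPEN;
    return PORT_UNKNOWN;
}

int main(void) {
    static const char *names[] = {"open", "closed", "filtered", "unknown"};
    printf("probe seen: %d\n", is_synfin_probe(SAMPLE_SYNFIN, sizeof SAMPLE_SYNFIN));
    printf("SYN/ACK reply: %s\n", names[classify_reply(SAMPLE_SYNACK, sizeof SAMPLE_SYNACK)]);
    printf("RST/ACK reply: %s\n", names[classify_reply(SAMPLE_RSTACK, sizeof SAMPLE_RSTACK)]);
    printf("no TCP reply: %s\n", names[classify_reply(NULL, 0)]);
    return 0;
}
```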