Nmap Development mailing list archives

Re: ACK Scans

From: Philippe Biondi <biondi () cartel-securite fr>
Date: Tue, 27 May 2003 15:19:49 +0200 (CEST)

On Tue, 27 May 2003, Triple Crown wrote:

Philippe Biondi wrote:

On Fri, 23 May 2003, Triple Crown wrote:




Use tcpdump to know exactly what are the sent packets and if they matrch
your expectations.

I've been using tcpdump and I have not found it possible to send an ack 0
with nmap. I don't think the snort rule is of much value for nmap. I
have a good idea
of why the alert was triggered but have a little more research to do.


If you want to generate very specific packets, you can have a look
at scapy :
http://www.cartel-securite.fr/pbiondi/scapy.html


-- 
Philippe Biondi <biondi@ cartel-securite.fr> Cartel Sécurité
Security Consultant/R&D                      http://www.cartel-securite.fr
Phone: +33 1 44 06 97 94                     Fax: +33 1 44 06 97 99
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

Current thread:

ACK Scans Triple Crown (May 23)
- Re: ACK Scans Philippe Biondi (May 25)
  - Re: ACK Scans Triple Crown (May 27)
    - Re: ACK Scans Philippe Biondi (May 27)
- Re: ACK Scans Fyodor (Jun 13)