Nmap Development mailing list archives

Re[2]: nmap+V


From: Bo Cato <jcato73 () comcast net>
Date: Tue, 2 Sep 2003 18:34:07 -0400

I personally would like to see a banner grab added to the list
of nmap options. Actually I'd like it as a default for -sT scans,
for privileged or unprivileged users.

Coupling it with syn or other scans seems pointless. Obviously you're
not going to get a banner with anything short of a full connect.


Tuesday, September 02, 2003, 11:44:34 AM, you wrote:


J> On Tuesday 02 September 2003 10:54, Paul Johnston wrote:
Hi,

Ah cool. Feature request - be able to do banner grab without doing syn scan
first to see if open since if you're going to send a syn and then banner grab
you might as well banner grab in the first place - from memory think this is
a problem with nmap+V.

The syn scan avoids the kernel's tcp implementation and does raw IP
itself. After this, it's not generally possible to go back to using the
kernel's tcp sockets, without starting the connection from scratch. So
to support this nmap would need to contain either a full tcp
implementation, or some highly platform specific hack.

J> I think you missed my point. You can simply do a connect(2) to the port in 
J> question and grab the banner rather than doing a SYN scan first and then a 
J> banner grab.

J> -jamie.



J> ---------------------------------------------------------------------
J> For help using this (nmap-dev) mailing list, send a blank email to
J> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
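
Added example, not part of the original thread and not Nmap code: the single-step approach discussed above, where one kernel connect(2) both decides whether the port is open and reads the banner, including the cases of a closed port and a service that sends nothing first. The names grab_banner, start_listener and unused_port are hypothetical, and the services are constructed listeners on 127.0.0.1.

```python
import socket
import threading

def grab_banner(host, port, timeout=2.0, max_bytes=256):
    """One kernel-level connect(2) answers both questions at once:
    is the port open, and what does the service announce first?"""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(max_bytes)
            except OSError:
                # Handshake completed, so the port is open; the service just
                # stayed silent (timeout) or reset us before sending anything.
                data = b""
            return "open", data.decode("latin-1").strip()
    except ConnectionRefusedError:
        return "closed", ""            # RST in reply to our SYN
    except OSError:
        return "filtered", ""          # no answer or unreachable

def start_listener(banner):
    """Constructed stand-in service on 127.0.0.1; an empty banner models a
    protocol where the client must speak first (e.g. HTTP)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                if banner:
                    conn.sendall(banner)
                else:
                    conn.recv(1)       # wait silently until the client leaves

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Bind and release a port so that nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    for port in (start_listener(b"220 mail.example.test ESMTP\r\n"),
                 start_listener(b""), unused_port()):
        print(port, grab_banner("127.0.0.1", port, timeout=0.5))
```

An "open" result with an empty banner is still a useful inventory result: the handshake completed, but the service expects the client to speak first.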


