Nmap Development mailing list archives
Nmap on GPRS and problem II
From: zaka rias <sciensez () yahoo com>
Date: Wed, 3 Aug 2005 03:16:58 +0100 (BST)
Thanks a lot for your reply bout my problem. (i know i should reply to your reply but there's something wrong in my email/browser so i make new topic) You know im just self taught noobie, and my biggest problem is english language. After read your reply bout my problem, i think i should turn 'packet sniffer' on and then look into packets data. You ask me to look closer into 'ttl' (it took 14 hours for me to surf bout 'what's ttl exactly ?'). from rfc and another tutorials that i read i can say in a short that time to live can be thought of as a self destruct time limit (like rfc's said he he). And i guess the ttl is in IP Field (IP Frame/ethereal term) have a look at this ethereal log, i cut unnecceseary thing from real log (but you can find the full log in attachment) : ======================================================================= No.Time Source Destination Prto 15 16.136761 192.168.0.2 207.46.18.30 TCP 2227
http [SYN] Seq=625371507 Ack=0 Win=5840 Len=0
MSS=1460 TSV=4313723 TSER=0 WS=0 Time to live: 64 16 17.232115 207.46.18.30 192.168.0.2 TCP http
2227 [SYN, ACK] Seq=2326028008 Ack=625371508
Win=5792 Len=0 MSS=1460 TSV=2788260086 TSER=4313723 WS=0 Time to live: 62 ====================================================================== and the nmap log look like this : ===================================================================== [root@zacko NMAPlog]# nmap -sT -sV -P0 -T1 -p80 --packet_trace --version_trace -vv 207.46.18.30 -oN mslog1_no_parallel_withST Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-03 19:42 WIT Initiating Connect() Scan against 207.46.18.30 [1 port] at 19:42 CONN (16.1380s) TCP localhost > 207.46.18.30:80 => Operation now in progress Discovered open port 80/tcp on 207.46.18.30 The Connect() Scan took 16.11s to scan 1 total ports. Initiating service scan against 1 service on 207.46.18.30 at 19:42 NSOCK (17.2410s) TCP connection requested to 207.46.18.30:80 (IOD #1) EID 8 NSOCK (17.2410s) nsock_loop() started (no timeout). 1 events pending NSOCK (18.8150s) Callback: CONNECT SUCCESS for EID 8 [207.46.18.30:80] NSOCK (18.8150s) Read request from IOD #1 [207.46.18.30:80] (timeout: 5000ms) EID 18 NSOCK (23.8170s) Callback: READ TIMEOUT for EID 18 [207.46.18.30:80] NSOCK (23.8170s) Write request for 18 bytes to IOD #1 EID 27 [207.46.18.30:80]: GET / HTTP/1.0.... NSOCK (23.8170s) Read request from IOD #1 [207.46.18.30:80] (timeout: 5000ms) EID 34 NSOCK (23.8170s) Callback: WRITE SUCCESS for EID 27 [207.46.18.30:80] NSOCK (26.0920s) Callback: READ SUCCESS for EID 34 [207.46.18.30:80] (1448 bytes) The service scan took 8.85s to scan 1 service on 1 host. Starting RPC scan against 207.46.18.30 Host 207.46.18.30 appears to be up ... good. Interesting ports on 207.46.18.30: PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.0.48 ((Fedora)) Final times for host: srtt: 1095958 rttvar: 1095958 to: 15000000 Nmap finished: 1 IP address (1 host up) scanned in 26.095 seconds ============================================================================================== so i look at ethereal log, first packet with TTL 64 and then i got received packet (2nd frame) with TTL 62, so i can say that my isp's using transparent proxy. is that what u mean with 'look closely to the TTL values" ? sorry if i didnt get you, actually there's another question bout TTL, but im not sure if this forum is a right place to ask. Send instant messages to your online friends http://uk.messenger.yahoo.com
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Nmap on GPRS and problem II zaka rias (Aug 02)
- Re: Nmap on GPRS and problem II Nils Magnus (Aug 04)