Nmap Development mailing list archives
Nmap does not notice ACK packets
From: Richard van den Berg <richard.vandenberg () ins com>
Date: Sat, 03 Feb 2007 11:35:00 +0100
I am scanning a fairly large network using -sS and I have some hosts respond to nmap's SYN packet with only an ACK. I know this is a strange way to behave for a host. Has anyone ever seens this before? It seems intermittent because when I scan the host a second time, all is good. Even when I craft the exact same packets using hping2, the host will responds with SYN ACK (as it should). The thing is, nmap 4.20 never reacts to these ACK packet. The port shows up as filtered, and is not used to send TCP probes to either. I am not sure what "state" nmap should give to such a port. Maybe open|filtered ? -- Richard van den Berg Senior Consultant, INS E-mail: richard.vandenberg () ins com Mobile: +31 (0)6-52071109 PGP Key ID: 0x6614D2AC Fingerprint: 6829 0AD3 2F49 6D83 B65E E235 B8D3 8299 6614 D2AC _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap does not notice ACK packets Richard van den Berg (Feb 03)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 03)
- Re: Nmap does not notice ACK packets Richard van den Berg (Feb 04)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 04)
- Re: Nmap does not notice ACK packets Richard van den Berg (Feb 04)
- <Possible follow-ups>
- Re: Nmap does not notice ACK packets Mark Boltz (Feb 05)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 05)
- Re: Nmap does not notice ACK packets Hans Nilsson (Feb 06)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 05)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 03)