Nmap Development mailing list archives
tcpwrapped?
From: "Anssi Porttikivi" <porttikivi () gmail com>
Date: Thu, 13 Dec 2007 15:39:33 +0200
While scanning a certain network I see port 22 listed as SSH, but if I do service detection (-sV) it is detected as "tcpwrapped". Looking with Ethereal it looks to me that the port will do the TCP handshake for me but will then close it down, replying "FIN" to my next packet. Perhaps based on my IP address? So this is like there would be "tcpd" blocking me which there probably is not, but some SSH or PAM based method to cut down all unfit traffic with no error messaging? Does the term "tcpwrapped" refer to this "tcpd" like behaviour? What is the exact triggering, when does nmap say "tcpwrapped"? I looked at the source that sets "tcpwrapped": getServiceDeductions() in portlist.cc. But I could not understand its meaning. -- mailto:app () iki fi skype:gatestone http://gatestone.jaiku.com tel:+358407505155 home:Espoo,Finland _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- tcpwrapped? Anssi Porttikivi (Dec 13)
- Re: tcpwrapped? Rob Nicholls (Dec 13)