Nmap Development mailing list archives
Re: Sniffing: all 1000 ports filtered but tracert detects the device...why?
From: Dagobert Michelsen <dam () opencsw org>
Date: Sun, 15 Jan 2012 20:17:31 +0100
Hi Shea, Am 15.01.2012 um 20:10 schrieb SheaO:
Great thanks for info I thought traceroute used same method as ping.
In fact "ping" uses ICMP echo and does also not require any open TCP ports.
I will read that link, thanks a lot man!
The link references a book which is unfortunately not online, but the page from the author. You may be able to google for an online version, but I suggest buying the book as it is one of the rare books you can grab out of the shelve every once in a while and always read with great enjoyment and insight. Best regards -- Dago
Dagobert Michelsen-3 wrote:Hi Shea, Am 14.01.2012 um 01:42 schrieb SheaO:Hi this might be a stupid question, im a bit of a newbie here, but maybe someone can clarify it for me. Im doing some portscanning with nmap on a IP-address, and get the result that all ports are closed (even tried using nmap -PN xxx.xxx.xxx.xxx). When I run a traceroute to a server on the same network, the router (xxx.xxx.xxx.xxx) with 1000 filtered ports, shows up! How can it be a part of the network if it's ports are all closed? Any suggestions? Clarification?Traceroute uses ICMP (part of the IP protocol) and is based on setting the TTL of an IP packet and does not rely on open TCP ports. An excellent description is in Stevens, TCP/IP illustrated: http://www.kohala.com/start/tcpipiv1.html Best regards -- Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- View this message in context: http://old.nabble.com/Portscan%3A-all-1000-ports-filtered-but-tracert-detects-the-device...why--tp33137777p33144021.html Sent from the Nmap - Dev mailing list archive at Nabble.com. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Portscan: all 1000 ports filtered but tracert detects the device...why? SheaO (Jan 14)
- Re: Sniffing: all 1000 ports filtered but tracert detects the device...why? Dagobert Michelsen (Jan 15)
- Re: Sniffing: all 1000 ports filtered but tracert detects the device...why? SheaO (Jan 15)
- Re: Sniffing: all 1000 ports filtered but tracert detects the device...why? Dagobert Michelsen (Jan 15)
- Re: Sniffing: all 1000 ports filtered but tracert detects the device...why? SheaO (Jan 15)
- Re: Sniffing: all 1000 ports filtered but tracert detects the device...why? Dagobert Michelsen (Jan 15)