Nmap Development mailing list archives

Re: nmap -sT localhost showing ephemeral ports?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 8 Feb 2014 19:54:10 -0600

I'm pretty sure this has to do with one of the nonstandard TCP
handshake sequences described in the TCP Split Handshake paper here:
http://nmap.org/misc/split-handshake.pdf . I duplicated the result on
Linux 3.2.0 and 3.11.6.

Dan

On Sat, Feb 8, 2014 at 5:33 PM, Kris Katterjohn <katterjohn () gmail com> wrote:
> On 02/08/2014 04:09 PM, Jacek Wielemborek wrote:
>> Hi,
>>
>> Here's an excerpt from my #nmap IRC log, dates are as in Warsaw local time:
>>
>> <snip>
>> =========================================
>>
>> 20:17:03    bonsaiviking $ <ketilmore6>  turns out the nmap -p 1-65000 was
>> finding open ports by accident because source port sometimes was equal to
>> destination port. (birthday paradox)
>> 20:17:07    bonsaiviking $ wtf
>> 20:18:58    bonsaiviking $ confirmed on svn r32703
>> 20:19:31    bonsaiviking $ but only with -sT
>>
>> =========================================
>>
>> What do you think about it?
>>
>
> I didn't feel like reading the IRC log, but this seems reasonable
> enough... I fixed this problem in raw scans a long time ago[1] (r4368).
>
> I'm interested to know how many operating systems do this with
> connect().  How many different systems have been tested?
>
>> Yours,
>> Jacek Wielemborek
>
> Cheers,
> Kris Katterjohn
>
> [1] http://seclists.org/nmap-dev/2007/q1/87
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
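The collision the IRC excerpt describes, reproduced deterministically and then screened out, as an added example that is not code from this thread or from Nmap. It assumes a Linux host with IPv4 loopback (the kernels on which Dan reproduced the result) and uses a constructed port number, DEMO_PORT, that nothing on the host is listening on. The point for anyone writing or tuning a connect() scanner is the check after connect(): a socket whose local endpoint equals its remote endpoint has completed a TCP simultaneous open with itself, so the "open" result must be discarded.

```python
# Added example (not from the thread or Nmap): reproduce and screen out the
# "self-connect" false positive that a connect() scan of localhost can hit.
# When the kernel's ephemeral source port happens to equal the destination
# port, Linux completes a TCP simultaneous open with itself and connect()
# succeeds although nothing is listening. Assumptions: Linux, IPv4 loopback
# available, and DEMO_PORT (a constructed value) unused on this host.
import socket

DEMO_PORT = 40404  # constructed; any unused high port works


def is_self_connection(local_addr, remote_addr):
    """A connected socket whose local and remote (host, port) endpoints are
    identical is talking to itself, not to a listening service."""
    return tuple(local_addr[:2]) == tuple(remote_addr[:2])


def classify(connected, self_connected):
    """Map a probe outcome to the verdict a connect scan should record."""
    if not connected:
        return "closed"
    if self_connected:
        return "false-positive"  # discard: no service is behind this port
    return "open"


def probe(host, port, source_port=None, timeout=2.0):
    """connect() to host:port and return (connected, self_connected).

    source_port forces the local port. Over a 1-65000 scan the collision
    happens by chance (the birthday paradox the log mentions); forcing it
    makes the failure mode reproducible on demand."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if source_port is not None:
            # Avoid TIME_WAIT conflicts when the script is re-run quickly.
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, source_port))
        try:
            s.connect((host, port))
        except OSError:
            # Connection refused / timed out: the port is genuinely closed.
            return False, False
        # The only reliable tell: compare both ends of the connected socket.
        return True, is_self_connection(s.getsockname(), s.getpeername())
    finally:
        s.close()


if __name__ == "__main__":
    # Ordinary probe of a port with no listener: connect() is refused.
    print("plain probe:    ", classify(*probe("127.0.0.1", DEMO_PORT)))
    # Same port, source port forced to equal it: on Linux connect() succeeds
    # and only the endpoint comparison exposes the self-connection.
    print("colliding probe:", classify(*probe("127.0.0.1", DEMO_PORT, DEMO_PORT)))
```

Run as a script on Linux, the first probe is reported closed and the second false-positive; without the getsockname()/getpeername() comparison the second would have been counted as open, which is exactly what the -sT run in the log did by accident.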