Nmap Development mailing list archives
Re: UDP scanning within Nmap
From: David Fifield <david () bamsoftware com>
Date: Wed, 12 Nov 2014 12:40:42 -0800
On Tue, Nov 11, 2014 at 04:02:00PM -0600, Daniel Miller wrote:
> Chris,
>
> Thanks for this analysis. My thoughts are inline below:
>
> On Mon, Nov 3, 2014 at 9:04 AM, Chris McNab <chris () cloudsoc net> wrote:
>> Hi Dan,
>>
>> Any plans to decouple the two UDP scanning modes in Nmap? i.e. payload scanning (sending real datagrams to service ports and getting responses), and inverse scanning (relying on ICMP responses to infer open ports)
>
> Nmap's UDP scan (-sU) uses payloads where they are available, otherwise empty datagrams are sent. The interpretation of responses is the same: ICMP response means closed, UDP response means open, and no response is the ambiguous "open|filtered".

Dan is right. There aren't two different UDP scanning modes. The behavior is always the same:

1. Response packet → open
2. No response → open|filtered
3. ICMP error → closed

We send, for some ports, a protocol-specific payload that makes case (1) more likely and case (2) less likely. But it really isn't a different mode.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
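
The three rules in the message above, as an added example that is not part of the original thread and is not Nmap's code: one classifier is run against a loopback service with and without a payload, and against an unbound port. The `PING`/`PONG` service, the function names and the reliance on the OS reporting ICMP port unreachable as `ConnectionRefusedError` on a connected UDP socket are assumptions of this sketch.

```python
import socket
import threading

MAGIC = b"PING"  # constructed request format for the sample service below


def classify_udp_probe(host, port, payload=b"", timeout=0.5):
    """Send one datagram and apply the three rules from the message."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() lets the kernel hand ICMP port-unreachable back to this
        # socket as ECONNREFUSED (assumed: Linux-style behaviour).
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "open"              # 1. response packet
        except socket.timeout:
            return "open|filtered"     # 2. no response
        except ConnectionRefusedError:
            return "closed"            # 3. ICMP error


def start_picky_service():
    """Loopback UDP service that answers only well-formed requests."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def loop():
        while True:
            data, addr = srv.recvfrom(2048)
            if data.startswith(MAGIC):
                srv.sendto(b"PONG", addr)

    threading.Thread(target=loop, daemon=True).start()
    return srv


def demo():
    srv = start_picky_service()
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                        # nothing listens here any more
    return {
        "empty": classify_udp_probe("127.0.0.1", open_port),
        "payload": classify_udp_probe("127.0.0.1", open_port, MAGIC),
        "closed": classify_udp_probe("127.0.0.1", closed_port),
    }


if __name__ == "__main__":
    print(demo())
```

The same listening port is reported as open|filtered for the empty datagram and open for the payload, while the classification logic is identical in both calls.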