Nmap Development mailing list archives
Re: so is nmap connect scan broken?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 19 Feb 2015 11:04:53 -0600
Mike, I'm not really sure what is going on here, but you can help us with a little debugging output. What is the output of this command? nmap -n -d2 --packet-trace -sT -p 19,22,23 scanme.nmap.org It would also help to have the output of your sniffer for this scan (all packets to and from scanme.nmap.org). I did look into the packet tracing code, and because of your report, future versions of Nmap will have more information in the packet trace for Connect scans than the current version. Dan On Mon, Feb 9, 2015 at 12:56 AM, Mike . <dmciscobgp () hotmail com> wrote:
ok. so i have done more than a few tests here to confirm this. first off, this is windows i am on and i am scanning my local router. notice i said ROUTER and not localhost so i dont get flamed here. i know the limitations on that for windows. i just started noticing this because i normally dont do -sT scans. this post must go with that "operation in progress" output because i feel they go together with this issue. so here is my confirmation on it being broken. as i scan my router, lets just use a port not open, i get this with a SYN coming back as a response 4) 192.168.0.16.46975 > 192.168.0.1.1: S, cksum 0x6272 (correct), 3992783572:399 2783572(0) win 1024 <mss 1460> IP (tos 0x0, ttl 64, id 28202, offset 0, flags [none], proto: TCP (6), length: 40) 192.168.0.1.1 > 192.168.0.16.46975: R, cksum 0x7e1b (correct), 0:0(0) ack 39 92783573 win 0 (notice the reset back) connect() output : i get this in nmap 1/tcp filtered tcpmux no-response but notice that packet sniffer output here : ) 192.168.0.16.40137 > 192.168.0.1.1: S, cksum 0xa50e (correct), 1644903897:1644 903897(0) win 8192 <mss 1460,nop,nop,sackOK> IP (tos 0x0, ttl 64, id 28210, offset 0, flags [none], proto: TCP (6), length: 40) 192.168.0.1.1 > 192.168.0.16.40137: R, cksum 0xf1be (correct), 0:0(0) ack 1 win 0 so nmap does not see that reply? anyone feel free to chime in here m|ke (btw, this is NOT just on local subnet scanning, this happens even when i fired off packets to google.com. not only that, but as the scan finishes, it hangs for about 30 sec-min til close. only on connect it does that) _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- so is nmap connect scan broken? Mike . (Feb 08)
- Re: so is nmap connect scan broken? Daniel Miller (Feb 19)