Nmap Development mailing list archives

Re: so is nmap connect scan broken?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 19 Feb 2015 11:04:53 -0600

Mike,

I'm not really sure what is going on here, but you can help us with a
little debugging output. What is the output of this command?

nmap -n -d2 --packet-trace -sT -p 19,22,23 scanme.nmap.org

It would also help to have the output of your sniffer for this scan (all
packets to and from scanme.nmap.org). I did look into the packet tracing
code, and because of your report, future versions of Nmap will have more
information in the packet trace for Connect scans than the current version.

Dan


On Mon, Feb 9, 2015 at 12:56 AM, Mike . <dmciscobgp () hotmail com> wrote:

OK. So I have done more than a few tests here to confirm this. First off,
this is Windows I am on, and I am scanning my local router. Notice I said
ROUTER and not localhost, so I don't get flamed here; I know the limitations
on that for Windows. I just started noticing this because I normally don't
do -sT scans. This post must go with that "operation in progress" output,
because I feel they go together with this issue. So here is my confirmation
on it being broken. As I scan my router (let's just use a port that is not open),
I get this with a SYN, coming back as a response:



4) 192.168.0.16.46975 > 192.168.0.1.1: S, cksum 0x6272 (correct), 3992783572:3992783572(0) win 1024 <mss 1460>
IP (tos 0x0, ttl  64, id 28202, offset 0, flags [none], proto: TCP (6), length: 40) 192.168.0.1.1 > 192.168.0.16.46975: R, cksum 0x7e1b (correct), 0:0(0) ack 3992783573 win 0  (notice the reset back)


connect() output :

I get this in nmap:   1/tcp filtered tcpmux  no-response
But notice the packet sniffer output here:

) 192.168.0.16.40137 > 192.168.0.1.1: S, cksum 0xa50e (correct), 1644903897:1644903897(0) win 8192 <mss 1460,nop,nop,sackOK>
IP (tos 0x0, ttl  64, id 28210, offset 0, flags [none], proto: TCP (6), length: 40) 192.168.0.1.1 > 192.168.0.16.40137: R, cksum 0xf1be (correct), 0:0(0) ack 1 win 0

So nmap does not see that reply? Anyone feel free to chime in here.

m|ke

(BTW, this is NOT just on local subnet scanning; this happens even when I
fired off packets to google.com. Not only that, but as the scan finishes,
it hangs for about 30 sec to a min until close. Only on connect does it do that.)

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

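Added example, not Nmap's code and not part of this thread: a minimal
connect()-based port-state classifier in Python that mirrors what a -sT scan
does. Nmap's connect scan never sees the SYN or the RST itself; it only sees
what connect() reports, so a RST like the one in the sniffer output above should
surface as ECONNREFUSED ("closed"), while "filtered/no-response" is what a timeout
looks like. The loopback listener, host and ports are constructed for the demo,
so it runs offline; the Winsock error codes are included because the original
poster is on Windows.

```python
"""Connect-scan state classifier (added example, not Nmap source).

A -sT style scan asks the OS to connect() and classifies the port from the
result it gets back:

  handshake completes              -> "open"
  RST answers the SYN (refused)    -> "closed"
  nothing usable before timeout    -> "filtered"
"""
import errno
import select
import socket

# connect() failure codes that mean "a RST came back".  POSIX reports
# ECONNREFUSED; Windows reports the Winsock value (WSAECONNREFUSED, 10061).
REFUSED = {errno.ECONNREFUSED, getattr(errno, "WSAECONNREFUSED", 10061)}

# Return values from a non-blocking connect() that mean "handshake in flight".
IN_PROGRESS = {errno.EINPROGRESS, errno.EWOULDBLOCK, errno.EAGAIN,
               getattr(errno, "WSAEWOULDBLOCK", 10035)}


def connect_state(host, port, timeout=2.0):
    """Classify host:port as 'open', 'closed' or 'filtered' using the same
    primitive a connect scan relies on: a non-blocking connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setblocking(False)
    try:
        err = s.connect_ex((host, port))
        if err == 0:
            return "open"            # loopback may complete synchronously
        if err in REFUSED:
            return "closed"          # kernel already processed the RST
        if err not in IN_PROGRESS:
            return "filtered"        # e.g. ENETUNREACH: no SYN could even leave
        # Wait for the handshake to succeed or fail.  POSIX reports both in the
        # writable set; Windows reports a failed connect in the exceptional set.
        _, writable, failed = select.select([], [s], [s], timeout)
        if not writable and not failed:
            return "filtered"        # no SYN/ACK and no RST: a true no-response
        so_err = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
        if so_err == 0:
            return "open"
        if so_err in REFUSED:
            return "closed"          # the RST seen in the sniffer shows up here
        return "filtered"            # ICMP unreachable, host down, etc.
    finally:
        s.close()


def listen_on_loopback():
    """Start a throwaway listener on 127.0.0.1 (constructed scan target).
    Returns (listening_socket, port); closing the socket makes the port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = listen_on_loopback()
    print("%d/tcp while listening: %s" % (port, connect_state("127.0.0.1", port)))
    srv.close()
    print("%d/tcp after close:     %s" % (port, connect_state("127.0.0.1", port)))
```

If a port that answers with a RST in the sniffer still comes back as "filtered"
from this function, the RST is being dropped before the kernel's TCP stack sees
it (host firewall or a personal security product), which is a different problem
from the scanner not reading its own packet trace.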
