this is all well and good, but it's not quite as simple as that. what
criteria would you use to define open ports? you would need a much more
robust definition of a scan, including not only the outgoing packets, but
also pertinent returned packets to define things like port state (open,
closed, filtered), and how icmp packets might look for a response, etc. not
a bad idea, but if you need a quick tool to do something like this, you
could cook one in an hour or two using libnet/pcap.
Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com
----- Original Message -----
From: "Paul Herman" <pherman_at_frenchfries.net>
To: <nmap-dev_at_insecure.org>
Sent: Monday, December 04, 2000 1:25 AM
Subject: SYN/FIN scans in nmap?
> Hi,
>
> I noticed that nmap doesn't do SYN/FIN scans. Are there plans to
> incorporate this, or has this already been discussed? Thought I'd ask
> before looking into the code.
>
> An idea I had would be to have a custom scan type which allows the
> users to construct their own packets. Something ("-sC" for custom)
> along the lines of:
>
> nmap -p 1-80 -sC "flags=SF tos=0x00 ttl=123" tobescanned.net
>
> -Paul.
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Dec 05 2000
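
The reply's point that port state has to be defined from the returned packets (TCP flags, ICMP errors, or silence), shown as an added example that is not part of the original thread: a C classifier for replies as pcap would deliver them after the link-layer header. The SYN-style mapping, the name `classify_reply` and the sample packets are assumptions made here, and matching a reply to its probe is left out.

```c
#include <stddef.h>
#include <stdint.h>

enum port_state { PORT_OPEN, PORT_CLOSED, PORT_FILTERED, PORT_UNKNOWN };
enum { TH_SYN = 0x02, TH_RST = 0x04, TH_ACK = 0x10 };

/* Constructed sample replies (192.0.2.0/24 addresses, checksums zeroed). */
const uint8_t sample_synack[40] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10, 192,0,2,1,    /* IPv4, TCP */
    0,80, 0xc0,0, 0,0,0,1, 0,0,0,1, 0x50,0x12, 0x20,0, 0,0, 0,0 }; /* SYN|ACK */
const uint8_t sample_rst[40] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10, 192,0,2,1,
    0,81, 0xc0,0, 0,0,0,0, 0,0,0,1, 0x50,0x14, 0,0, 0,0, 0,0 };    /* RST|ACK */
const uint8_t sample_icmp_prohibited[28] = {  /* embedded original header omitted */
    0x45,0,0,28, 0,0,0,0, 64,1,0,0, 192,0,2,254, 192,0,2,1,   /* IPv4, ICMP */
    3,13,0,0, 0,0,0,0 };                      /* type 3, code 13 */

/* Classify the reply to a SYN-style probe. pkt == NULL means the probe timed
 * out with no reply. The mapping is the conventional SYN-scan one and is an
 * assumption: a probe with other flags (e.g. SYN+FIN) needs its own criteria,
 * which is why unexpected replies map to PORT_UNKNOWN rather than a guess. */
enum port_state classify_reply(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL)
        return PORT_FILTERED;                 /* no reply before timeout */
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PORT_UNKNOWN;                  /* not a full IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4; /* header length in bytes */
    if (ihl < 20 || len < ihl)
        return PORT_UNKNOWN;
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = len - ihl;
    if (pkt[9] == 6 && l4len >= 14) {         /* TCP; flags at offset 13 */
        if (l4[13] & TH_RST)
            return PORT_CLOSED;
        if ((l4[13] & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
            return PORT_OPEN;
    } else if (pkt[9] == 1 && l4len >= 2) {   /* ICMP type, code */
        uint8_t code = l4[1];
        /* destination unreachable: host, protocol, port, or admin-prohibited */
        if (l4[0] == 3 && (code == 1 || code == 2 || code == 3 ||
                           code == 9 || code == 10 || code == 13))
            return PORT_FILTERED;
    }
    return PORT_UNKNOWN;
}
```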