Nmap Development: Re: SYN/FIN scans in nmap?

["Ryan Permeh" <ryan () eEye com>]

this is all well and good, but it's not quite as simple as that.  what
criteria would you use to define open ports?  you would need a much more
robust definition of a scan, including not only the outgoing packets, but
also pertinenet returned packets to define things like port state(open,
closed, filtered), and how icmp packets might look for a response, etc.  not
a bad idea, but if you need a quick tool to do something liek this, you
could cook one in an hour or two using libnet/pcap.

Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com

----- Original Message -----
From: "Paul Herman" <pherman () frenchfries net>
To: <nmap-dev () insecure org>
Sent: Monday, December 04, 2000 1:25 AM
Subject: SYN/FIN scans in nmap?


> Hi,
>
> I noticed that nmap doesn't do SYN/FIN scans.  Are there plans to
> incorporate this, or has this already been discussed?  Thought I'd ask
> before looking into the code.
>
> An idea I had would be to have a custom scan type which allows the
> users to construct their own packets.  Something ("-sC" for custom)
> along the lines of:
>
>   nmap -p 1-80 -sC "flags=SF tos=0x00 ttl=123" tobescanned.net
>
> -Paul.
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).