Nmap Development
mailing list archives
Re: NMAP : Different interpretation of "filtered" ports depending on -sS or -sT options. Bug ?
From: Sébastien CONTRERAS <contrera () EIG UNIGE CH>
Date: Fri, 07 Jan 2005 14:55:07 +0100
> Which nmap version do you use? Which OS?
NMAP v3.75 for Windows. OS= Windows XP (tested with SP1 and SP2)
I have just done the test with a Linux Fedora Core 2 box running NMAP v3.50,
and the output of NMAP is right (ports appear as closed independently of
the -sS or -sT option).
Has someone done the test on a Linux box running v3.75?

I also noticed that when I'm using the -sT option, NMAP displays the results
only 10 seconds after the last packet corresponding to the scan has
been received (no filters are set in my Ethereal :) ).
This delay of 10 seconds is certainly a symptom of the problem.
> Could you run the scans with --packet_trace -vvv -dd ?
1/
C:\Program Files\nmap-3.75>nmap -sS -p 135-136 10.1.1.2 --packet_trace -vvv -dd
Starting nmap 3.75 ( http://www.insecure.org/nmap ) at 2005-01-07 14:45 W. Europe Standard Time
SENT (0.0700s) ICMP 10.1.2.15 > 10.1.1.2 Echo request (type=8/code=0) ttl=39 id=14376 iplen=28
SENT (0.0700s) TCP 10.1.2.15:52513 > 10.1.1.2:80 A ttl=41 id=40004 iplen=40 seq=193398686 win=2048 ack=981927838
RCVD (0.0700s) TCP 10.1.1.2:80 > 10.1.2.15:52513 R ttl=128 id=30865 iplen=40 seq=981927838 win=0
SENT (0.1700s) TCP 10.1.2.15:52490 > 10.1.1.2:136 S ttl=56 id=57714 iplen=40 seq=1309044949 win=1024
SENT (0.1800s) TCP 10.1.2.15:52490 > 10.1.1.2:135 S ttl=52 id=23826 iplen=40 seq=1309044949 win=1024
RCVD (0.1800s) TCP 10.1.1.2:136 > 10.1.2.15:52490 RA ttl=128 id=30866 iplen=40 seq=0 win=0 ack=1309044950
RCVD (0.1800s) TCP 10.1.1.2:135 > 10.1.2.15:52490 SA ttl=128 id=30867 iplen=44 seq=944253991 win=-1 ack=1309044950
PORT    STATE  SERVICE
135/tcp open   msrpc
136/tcp closed profile
2/
C:\Program Files\nmap-3.75>nmap -sT -p 135-136 192.168.254.10 --packet_trace -vvv -dd
Starting nmap 3.75 ( http://www.insecure.org/nmap ) at 2005-01-07 14:36 W. Europe Standard Time
SENT (0.0500s) ICMP 192.168.254.2 > 192.168.254.10 Echo request (type=8/code=0) ttl=55 id=22419 iplen=28
SENT (0.0500s) TCP 192.168.254.2:38842 > 192.168.254.10:80 A ttl=53 id=28263 iplen=40 seq=2870256350 win=2048 ack=1708434142
RCVD (0.0500s) ICMP 192.168.254.10 > 192.168.254.2 Echo reply (type=0/code=0) ttl=128 id=30556 iplen=28
CONN (0.1500s) TCP localhost > 192.168.254.10:136 => Unknown error
CONN (0.1600s) TCP localhost > 192.168.254.10:135 => Unknown error
CONN (1.2610s) TCP localhost > 192.168.254.10:136 => Unknown error
135/tcp open     msrpc
136/tcp filtered profile
Hope it helps..
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org