Nmap Development: Re: nmap on GPRS connection & problem

Re: nmap on GPRS connection & problem

From: Nils Magnus <magnus_at_linuxtag.org>
Date: Tue, 2 Aug 2005 00:38:27 +0200

Re,

On Mon, Aug 01, 2005 at 10:27:41PM +0100, zaka rias wrote:

> Well, I'm just a home user and I have a LAN with 3 PCs.
> Gateway using XP SP2 and 2 clients using Redhat
> Fedora (kernel 2.4.20-8).

> as: nmap -vvv -sT -sV -T1 -p 80,443 -oN logMS4 -P0
> www.microsoft.com
> Interesting ports on 207.46.18.30:
> PORT STATE SERVICE VERSION
> 80/tcp open http Apache httpd 2.0.50 ((Fedora))

> Do you know why?
>
> (I'm using GPRS to connect to the net, maybe this kind
> of connection blocks nmap? Or maybe cuz my gateway is
> using XP SP2?)

I'd assume that your GPRS service provider uses some kind of transparent
proxy to handle web requests on 80/tcp. I'd recommend using
tcpdump/tethereal in parallel to the scan to 80 and 443 and looking closely
at the TTL values. If the TTL values of returning packets differ
depending on the port, the port with the higher TTL is closer and thus
most probably handled by a proxy (things like policy based routing etc.
not taken into account).

General thought: It might be handy to have this information available
directly in the nmap output, or at least give a warning if the values
differ for different ports:

Interesting ports on 207.46.18.30:
PORT     STATE  SERVICE  TTL  VERSION
25/tcp   open   smtp     53   sendmail 8.1.2
80/tcp   open   http     61   Apache httpd 2.0.50 ((Fedora))
443/tcp  open   https    53   whatever ...

Warning: Returning packets have different TTL values and are possibly
         port-forwarded or transparently proxied.

[...]

Just an idea,

Regards,

Nils Magnus
Program-Chair LinuxTag 2005 Free Conference Program

LinuxTag 2005: Where .com meets .org - magnus_at_linuxtag.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Aug 01 2005
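
The per-port TTL comparison suggested in the message above, as an added example that is not part of the original post or of Nmap: it groups the TTLs of reply packets by source port and lists the ports that answer with a higher TTL than the lowest one seen. The capture text is constructed in the two-line layout of `tcpdump -n -v`, the local address 192.168.0.2 and the function names are assumptions, and the comparison assumes every responder starts from the same initial TTL.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like `tcpdump -n -v` output (IP header line,
# then an indented "src.port > dst.port" line). TTLs 61/53 echo the message.
SAMPLE = """\
00:38:01.100000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.2.40001 > 207.46.18.30.80: Flags [S], seq 100, win 5840, length 0
00:38:01.350000 IP (tos 0x0, ttl 61, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    207.46.18.30.80 > 192.168.0.2.40001: Flags [S.], seq 500, ack 101, win 5792, length 0
00:38:02.100000 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.2.40002 > 207.46.18.30.443: Flags [S], seq 200, win 5840, length 0
00:38:02.900000 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    207.46.18.30.443 > 192.168.0.2.40002: Flags [S.], seq 900, ack 201, win 8192, length 0
"""

TTL_RE = re.compile(r"\bttl (\d+)")
FLOW_RE = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.\d+:")


def ttl_by_port(capture, target):
    """Map each source port of `target` to the set of TTLs seen on its replies."""
    seen = defaultdict(set)
    ttl = None  # TTL from the most recent IP header line
    for line in capture.splitlines():
        flow = FLOW_RE.match(line)
        if flow is None:
            hdr = TTL_RE.search(line)
            ttl = int(hdr.group(1)) if hdr else None
            continue
        # Only packets coming back from the scanned host are of interest.
        if ttl is not None and flow.group(1) == target:
            seen[int(flow.group(2))].add(ttl)
        ttl = None
    return dict(seen)


def proxy_suspects(ttls):
    """Ports answering with a higher TTL than the lowest one observed."""
    if not ttls:
        return []
    baseline = min(min(values) for values in ttls.values())
    return sorted(port for port, values in ttls.items() if max(values) > baseline)


if __name__ == "__main__":
    observed = ttl_by_port(SAMPLE, "207.46.18.30")
    print(observed, "possibly proxied:", proxy_suspects(observed))
```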
