Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: TCP Split Handshake and Nmap
From: jah <jah () zadkiel plus com>
Date: Tue, 08 Jun 2010 02:58:56 +0100

On 08/06/2010 01:49, Fyodor wrote:

Please apply your patch.  I have just updated the man page to reflect
this change by adding:

  The port is also considered open if a SYN packet (without the ACK
  flag) is received in response.  This can be due to an extremely rare
  TCP feature known as a simultaneous open or split handshake connection
  (see <ulink url="http://nmap.org/misc/split-handshake.pdf"/>).

Thank you.  Done in r17897. It would be interesting to hear if anyone
comes across a target that exhibits this behaviour. I'd put money on
Brandon finding some.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]