Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Help understanding a trace of an nmap scan
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 08 Sep 2004 19:35:31 +0200

El lun, 06 de 09 de 2004 a las 16:11, Richard Moore escribió:
I wonder if anyone can help me make sense of this packet trace. It shows 
nmap running a connect scan against port 13 of a host. The part I don't
understand is why there are 3 RST packets sent to the target machine?

It looks as if nmap is sending RST packets until it receives a FIN
packet from the portscanned machine. What options do you use with
nmap to obtain this traffic?

If it helps anyone the target host is a Debian box running 2.4.26 Linux 
kernel and the source machine was a RedHat box running 2.4.7-10. The
version of nmap used is 3.48.


Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]