Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Nmap/netwag problem.
From: <ankush.kapoor () wipro com>
Date: Fri, 12 Aug 2005 17:22:36 +0530

Hping is a pretty good tool. If you seriously feel that the port is
being filtered at a firewall, give firewalk a shot. The paper explaining
it is also very informative ;)


-----Original Message-----
From: Paul J Docherty [mailto:PJD () portcullis-security com]
Sent: Thursday, August 11, 2005 8:38 PM
To: Pete Herzog; Kaj Huisman
Cc: Aleph One; pen-test () securityfocus com; Security-Basics
Subject: RE: Nmap/netwag problem.

Whilst the points you are making are correct once you have discovered
open ports, I think you have raced ahead of the question, which was I
think, "which port scanner is giving the correct results?" As many
others have elegantly answered use a packet sniffer and look at the raw
data to see what's going on. You have raced ahead and are bordering
service discovery rather than port status, as we know there can be any
number of filtering devices between the two ends, however, within TCP,
which is what we are talking about here, an open port will respond to a
syn with a syn/ack.

As for scan methods, I tend to use both syn and full (where time
permits) if time is not the key, I prefer to syn scan first then TCP

With regards answering the questions you could, if you are not happy
with the sniffer options use something like hping2(3) and watch the
flags ie

Hping2 -n -V -S -p (port no.) IP_address


Confidentiality Notice

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin () wipro com immediately
and destroy all copies of this message and any attachments.

FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]