Nmap Development mailing list archives

Re: Scan stuck on single destination port

From: David Fifield <david () bamsoftware com>
Date: Sun, 21 Aug 2011 22:02:05 -0700

On Sun, Aug 21, 2011 at 05:17:47PM -0400, Mark Lewis wrote:

Hello,

I've got a situation where NMAP is repeatedly sending a SYN packet to the
same destination host with the same destination port.  The command I ran is:

nmap -v -n -ddd -PN -sS -p- --min-hostgroup 16 --max-retries 1
--min-rtt-timeout 50ms --max-rtt-timeout 300ms --initial-rtt-timeout 250ms
--max-scan-delay 10ms xx.xx.xx.xx/28

TcpDump shows the following interaction that has been going on for hours now
and never progresses beyond port 257 of the 10.10.10.70 target host:

17:00:38.814303 IP 192.168.1.4.59840 > 10.10.10.70.257: Flags [S], seq
1349548480, win 3072, options [mss 1460], length 0
17:00:38.824305 IP 10.10.10.70 > 192.168.1.4: ICMP host 10.10.10.70
unreachable, length 36


I'm not sure what's going on. What do you see in the screen output? -ddd
should at least be reporting all the packets sent and received.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Scan stuck on single destination port Mark Lewis (Aug 21)
- Re: Scan stuck on single destination port David Fifield (Aug 21)