Hi all,
Following the documentation, these options are for host discovery:
-PS [portlist] (TCP SYN Ping) This option sends an empty TCP packet with the SYN flag set. The default destination port is 80 but an alternate port can be specified as a parameter.
-PA The TCP ACK ping is quite similar to the just-discussed SYN ping -blah blah blah - The -PA option uses the same default port as the SYN probe (80)
I'm confused, because nmap -PA and -PS are doing a SYN scan instead of PA or PS host discovery.
The results of nmap -PA (PS) host are exactly the same as a SYN scan.
I've checked the traffic with Wireshark and it looks like when running these options you start sending SYN packets to 1667 ports of the destination host.
Even for -PA nmap is sending only SYN packets.
B.
PS.
Please see the result of -PA host "discovery":
nmap -PA xxx.yyy
Starting Nmap 4.20 ( ) at 2007-07-20 11:16 CEST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Interesting ports on xxx.yyy:
Not shown: 1661 closed ports, 28 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
113/tcp open auth
587/tcp open submission
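As an added example that is not part of the original post: a small Python parser for the "Interesting ports" block of nmap's normal output, run over the output pasted above (embedded here as a constructed sample string, with the poster's xxx.yyy placeholder kept as-is). It recovers the host, the "Not shown" counts and the port table, which makes it easy to check what a run actually covered: the pasted output accounts for 1661 + 28 + 8 = 1697 ports. Note that nmap runs its port scan after host discovery unless it is told to stop at discovery (-sP in this version), which is why a -PA run still prints a port table. The helper names below are this example's own, not an nmap API.

```python
import re
from dataclasses import dataclass

# Constructed sample: the nmap 4.20 normal output from the post above.
SAMPLE_OUTPUT = """\
Starting Nmap 4.20 ( ) at 2007-07-20 11:16 CEST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Interesting ports on xxx.yyy:
Not shown: 1661 closed ports, 28 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
113/tcp open auth
587/tcp open submission
"""


@dataclass(frozen=True)
class PortEntry:
    port: int
    proto: str
    state: str
    service: str


# "21/tcp open ftp" -> port, protocol, state, service
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# "Not shown: 1661 closed ports, 28 filtered ports" -> (count, state) pairs
NOT_SHOWN = re.compile(r"(\d+) (closed|filtered|open\|filtered) ports")


def parse_nmap_output(text):
    """Parse one host block of nmap normal output.

    Returns (host, not_shown, ports) where not_shown maps a state to the
    number of ports nmap summarised under "Not shown", and ports is the
    list of PortEntry rows that were printed individually.
    """
    host = None
    not_shown = {}
    ports = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interesting ports on "):
            host = line[len("Interesting ports on "):].rstrip(":")
        elif line.startswith("Not shown:"):
            for count, state in NOT_SHOWN.findall(line):
                not_shown[state] = int(count)
        else:
            m = PORT_LINE.match(line)
            if m:
                ports.append(PortEntry(int(m.group(1)), m.group(2),
                                       m.group(3), m.group(4)))
    return host, not_shown, ports


def scanned_port_count(not_shown, ports):
    """Total ports the run reported on: summarised plus individually listed."""
    return sum(not_shown.values()) + len(ports)


def open_ports(ports):
    """Sorted port numbers whose state is exactly 'open'."""
    return sorted(p.port for p in ports if p.state == "open")


if __name__ == "__main__":
    host, not_shown, ports = parse_nmap_output(SAMPLE_OUTPUT)
    print(host, not_shown)
    print("open:", open_ports(ports))
    print("ports accounted for:", scanned_port_count(not_shown, ports))
```

Running the block prints the host, the two "Not shown" counts, the eight open ports and a total of 1697 ports accounted for. The parser only handles the single-host normal output shown in the post; multi-host runs or nmap's grepable (-oG) and XML (-oX) formats would need their own handling.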
This seems more like an nmap problem vice a BT2 problem.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
I've also tested it on FreeBSD 5.5-RELEASE with the same result.
If anyone has access to another Linux/Unix system, please test it.
Regards
B
Which seems to confirm that it's an Nmap issue vice a BT2 issue. Might I recommend the nmap forum/mailing list?
Can anyone test the -PA and -PS options and let me know?
I don't want to post something stupid on the nmap mailing list.
Regards
B
Had you considered reading the NMAP manual?
http://insecure.org/nmap/man/man-briefoptions.html
It would appear it's clearly written that the -PS and the -PA do the exact same thing. Just like what you're seeing.
-PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Frankly, I find it insulting that he's afraid to ask "something stupid" on the nmap forum/mailing list, but feels quite alright asking the same question here. I surely hope others are as offended as I am.
If it wasn't my 1,000th post, I'd feel even worse...