TCP 3 way handshake
Posted
by Tom
on Server Fault
See other posts from Server Fault
or by Tom
Published on 2010-06-09T19:43:58Z
Indexed on
2010/06/10
17:43 UTC
Read the original article
Hit count: 263
tcp
Hi, i'm just observing what NMAP is doing for the 3 ports it reports are open.
I understand what a half-scan attack is, but what's happening doesnt make sense.
NMAP is reporting ports 139 are 445 are open..... all fine.
But when i look at the control bits, NMAP never sends RST once it has found out the port is open, It does this for port 135- but not 139 and 445. This is what happens:
(I HAVE OMITTED THE victim's replies)
Sends a 2 (SYN)
Sends a 16 (ACK)
Sends a 24 (ACK + PST)
Sends a 16 (ACK)
Sends a 17 (ACK + FIN)
I dont get why NMAP doesnt 'RST' ports 139 and 445??
© Server Fault or respective owner