TCP 3 way handshake
- by Tom
Hi, I'm just observing what NMAP is doing for the 3 ports it reports are open.
I understand what a half-scan attack is, but what's happening doesn't make sense.
NMAP is reporting ports 139 and 445 are open... all fine.
But when I look at the control bits, NMAP never sends RST once it has found out the port is open. It does this for port 135, but not 139 and 445. This is what happens:
(I have omitted the victim's replies)
Sends a 2 (SYN)
Sends a 16 (ACK)
Sends a 24 (ACK + PSH)
Sends a 16 (ACK)
Sends a 17 (ACK + FIN)
I don't get why NMAP doesn't 'RST' ports 139 and 445?
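
Decoding the control-bit values listed above, as an added example that is not part of the original post: it maps each value to its TCP flags and classifies the scanner-side sequence. The values 2, 16, 24, 16, 17 come from the post; the function names and the `[2, 4]` contrast sequence are constructed for illustration, and the classification assumes the omitted replies from the target were the normal ones.

```python
# Added example: interpret TCP control-bit values seen from the scanning host.
# Function names are illustrative, not taken from any tool.

# Bit positions of the six classic TCP flags in the control-bits field.
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
         (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_flags(value):
    """Return the names of the flags set in a control-bits value."""
    return [name for bit, name in FLAGS if value & bit]

def classify_client_side(values):
    """Classify one port probe from the scanner's packets only.

    Assumes the target's replies (omitted here, as in the post) were the
    usual SYN/ACK and ACKs.
    """
    seq = [set(decode_flags(v)) for v in values]
    if not seq or seq[0] != {"SYN"}:
        return "not a connection attempt"
    rest = seq[1:]
    if not rest:
        return "SYN only, no follow-up seen"
    if "RST" in rest[0]:
        # SYN answered, then torn down before the handshake completes.
        return "half-open: SYN then RST"
    if rest[0] == {"ACK"}:
        # The ACK completes the three-way handshake.
        data = "data sent" if any("PSH" in f for f in rest[1:]) else "no data sent"
        if any("FIN" in f for f in rest[1:]):
            close = "graceful FIN close"
        elif any("RST" in f for f in rest[1:]):
            close = "RST abort"
        else:
            close = "no close seen"
        return f"full connection: {data}, {close}"
    return "unrecognised sequence"

# Sequence reported in the post for ports 139 and 445.
POST_SEQUENCE = [2, 16, 24, 16, 17]
# Constructed contrast: what a half-open probe looks like from the scanner side.
HALF_OPEN_SEQUENCE = [2, 4]

if __name__ == "__main__":
    for v in POST_SEQUENCE:
        print(v, "+".join(decode_flags(v)))
    print(classify_client_side(POST_SEQUENCE))
    print(classify_client_side(HALF_OPEN_SEQUENCE))
```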