In a TCP connect scan, Nmap attempts to establish a full TCP connection (SYN, SYN,ACK, ACK) and then closes it (RST,ACK).
Looking at the table below, we can see that both listening and non-listening firewalled ports respond with packets (segments, to be more precise) that have the same flags set (RST,ACK). Nmap is still able to distinguish the states (filtered vs. closed), so it must be using some other properties of the packet.

| TCP Connect | Service State | No Firewall | Firewall |
|---|---|---|---|
| -sT | Listening | State: Open | State: Filtered |
| | | nmap: SYN; target: SYN,ACK; nmap: ACK; nmap: RST,ACK | nmap: SYN; target: RST,ACK |
| | Not Listening | State: Closed | State: Closed |
| | | nmap: SYN; target: RST,ACK | nmap: SYN; target: RST,ACK |

Table info can be found here.
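
Since the two RST,ACK replies in the table carry identical flags, any difference has to sit in other header fields. The following Python code is an added example, not part of the original post: it decodes two raw IPv4+TCP packets and lists the header fields that differ. The sample packets are constructed with arbitrary values (they are not captures from this test), and `parse_segment`, `differing_fields` and `build` are hypothetical helper names.

```python
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # low six bits of the TCP flags byte

def parse_segment(pkt: bytes) -> dict:
    """Decode the IPv4 and TCP header fields of one raw packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated IPv4/TCP header")
    _, _, ip_id, frag, ttl, proto = struct.unpack("!BHHHBB", pkt[1:10])
    if proto != 6:
        raise ValueError("not TCP")
    _sport, _dport, seq, ack, off, flags, window = struct.unpack(
        "!HHIIBBH", pkt[ihl:ihl + 16])
    return {
        "flags": ",".join(n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)),
        "ttl": ttl, "ip_id": ip_id, "df": bool(frag & 0x4000),
        "seq": seq, "ack": ack, "window": window,
        "tcp_options_len": (off >> 4) * 4 - 20,
    }

def differing_fields(a: bytes, b: bytes) -> dict:
    """Return {field: (value_a, value_b)} for every header field that differs."""
    pa, pb = parse_segment(a), parse_segment(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def build(ttl, ip_id, df, window, seq=0, ack=1):
    """Constructed sample: a 40-byte IPv4+TCP RST,ACK segment (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, seq, ack, 0x50, 0x14, window, 0, 0)
    return ip + tcp

# Constructed stand-ins for the two RST,ACK replies; the field values are arbitrary.
CAPTURE_A = build(ttl=64, ip_id=0, df=True, window=0)
CAPTURE_B = build(ttl=255, ip_id=4242, df=False, window=0)

if __name__ == "__main__":
    print("flags A:", parse_segment(CAPTURE_A)["flags"])
    print("flags B:", parse_segment(CAPTURE_B)["flags"])
    for field, (va, vb) in differing_fields(CAPTURE_A, CAPTURE_B).items():
        print(f"{field}: {va} vs {vb}")
```

To compare real replies, pass the raw IP-layer bytes of each captured RST,ACK to `differing_fields` in place of the constructed samples.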