Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Help understanding a trace of an nmap scan

from [Richard Moore] Network Security [Permanent Link]
Subject: Help understanding a trace of an nmap scan
Date: Mon, 06 Sep 2004 15:11:07 +0100
I wonder if anyone can help me make sense of this packet trace. It shows nmap running a connect scan against port 13 of a host. The part I don't
understand is why there are 3 RST packets sent to the target machine?

If it helps anyone the target host is a Debian box running 2.4.26 Linux kernel and the source machine was a RedHat box running 2.4.7-10. The
version of nmap used is 3.48.

Cheers

Rich.
--
Richard Moore, Principle Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

14:16:23.098150 host.name.deleted > other.host.name: icmp: echo request
14:16:23.108150 host.name.deleted.45639 > other.host.name.http: . ack 901588830 
win 1024
14:16:23.108150 other.host.name > host.name.deleted: icmp: echo reply
14:16:23.108150 other.host.name.http > host.name.deleted.45639: R 
901588830:901588830(0) win 0 (DF)
14:16:23.428150 host.name.deleted.1073 > other.host.name.daytime: S 
2950063922:2950063922(0) win 5840 <mss 1460,sackOK,timestamp 51097216 
0,nop,wscale 0> (DF)
14:16:23.438150 other.host.name.daytime > host.name.deleted.1073: S 
1866105343:1866105343(0) ack 2950063923 win 5792 <mss 1460,sackOK,timestamp 
138541011 51097216,nop,wscale 0> (DF)
14:16:23.438150 host.name.deleted.1073 > other.host.name.daytime: . ack 1 win 
5840 <nop,nop,timestamp 51097217 138541011> (DF)
14:16:23.438150 host.name.deleted.1073 > other.host.name.daytime: R 1:1(0) ack 
1 win 5840 <nop,nop,timestamp 51097217 138541011> (DF)
Interesting ports on other.host.name (194.153.168.235):
14:16:23.448150 other.host.name.daytime > host.name.deleted.1073: P 1:27(26) 
ack 1 win 5792 <nop,nop,timestamp 138541012 51097217> (DF)
14:16:23.448150 host.name.deleted.1073 > other.host.name.daytime: R 
2950063923:2950063923(0) win 0 (DF)
14:16:23.448150 other.host.name.daytime > host.name.deleted.1073: F 27:27(0) 
ack 1 win 5792 <nop,nop,timestamp 138541012 51097217> (DF)
14:16:23.448150 host.name.deleted.1073 > other.host.name.daytime: R 
2950063923:2950063923(0) win 0 (DF)


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Tool to find hidden web proxy server, Thomas Loch
Next by Date:  Re: [Dailydave] RE: Network Exploitation Tools aka ExploitationEngines, Matt Hargett
Previous by Thread:  Windows 2003 HAck, Daniel Regalado Arias
Next by Thread:  RE: Help understanding a trace of an nmap scan, Omar Herrera
Indexes:  [Date] [Thread] [Top] [All Lists]