Re: Nmap/netwag problem.

From: Kaj Huisman (kaj.huisman@gmail.com)
Date: Wed Aug 10 2005 - 08:25:18 EDT


Aleph One wrote:
> Hi all,
> I faced a problem running two tools producing totally different results.
> What I did is described as follows: I ran nmap on an IP with these parameters:
> SYN scan, don't ping, very verbose, aggressive scan. It showed ports 80
> and 1723 filtered. I ran this scan from a Linux box.
> At the same time, I used netwag to scan the same IP, which showed these ports open.
>
> What can be the problem..??please help.
>
> Aleph
>
An nmap SYN scan does not initiate a full connection; it sends a SYN in
the hope it will receive a SYN-ACK, to which it will then respond with an
RST (iirc).
I could not directly extract from the netwox site what type of scan they
utilise (perhaps a 'full connect' scan?).

Anyway, a 'full connect' scan (one that performs the complete three-way
handshake) will _always_ (?) be the most reliable.
My suggestion is to perform either an nmap connect scan on the ports from
both results or to manually telnet to the ports and see the response.

Hope that helps, G'Day
Kaj

PS: The manual page for nmap contains more information about how
different scans produce different reports; the protocols are just
guidelines for the manufacturers, implementations may vary.
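The reply's suggestion of verifying the disputed ports with a full three-way handshake can be scripted instead of done by hand with telnet. The following Python script is an added example, not code from either poster or from nmap/netwox: it makes a real TCP connect() to each port and classifies the outcome the way nmap's connect scan does (a completed handshake is "open", an immediate RST is "closed", and a timeout or unreachable error is "filtered"). So that it runs offline, it opens a listening socket on 127.0.0.1 as a constructed "open" port and uses a just-released ephemeral port as the constructed "closed" one; the function and port names are mine.

```python
import socket

# Added example: a full-connect ("three-way handshake") port check, the
# reliable cross-check suggested in the reply. Names and sample ports are
# assumptions for this illustration, not from nmap or netwox.


def connect_probe(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for host:port.

    open     - connect() completed the SYN / SYN-ACK / ACK handshake
    closed   - the peer answered with RST (ConnectionRefusedError)
    filtered - no answer within the timeout, or the path reported it
               unreachable; a SYN scan shows the same state as "filtered"
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # RST came straight back: the host is up but nothing listens there.
        return "closed"
    except (socket.timeout, OSError):
        # Silently dropped (or ICMP unreachable): something in the path
        # filtered the probe. This is exactly where SYN and connect scans
        # can disagree with other tools.
        return "filtered"
    finally:
        s.close()


def probe_ports(host, ports, timeout=2.0):
    """Probe several ports and return {port: state}."""
    return {p: connect_probe(host, p, timeout) for p in ports}


def _listening_socket(host="127.0.0.1"):
    """Constructed 'open' port: a listener on an ephemeral port.

    The kernel completes the handshake into the backlog, so no accept()
    loop is needed for connect() on the client side to succeed.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def _free_port(host="127.0.0.1"):
    """Constructed 'closed' port: bind, read the number, release it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Run the check against one open and one closed local port."""
    srv, open_port = _listening_socket()
    closed_port = _free_port()
    try:
        results = probe_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        srv.close()
    return {"open": results[open_port], "closed": results[closed_port]}


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"expected {label:<6} -> observed {state}")
```

When two scanners disagree on a remote host, run `probe_ports()` from the same box the scanners ran on: if connect() completes, the port is open from that vantage point regardless of what a SYN scan reported, and a consistent timeout is the "filtered" state the original poster saw, pointing at a device in the path that drops bare SYNs differently from the two tools' probes.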




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:43 EDT