Date: Wed, 22 Jan 2014 12:03:38 -0500
From: Daniel Malament <danielm@bluetiger.net>
To: freebsd-net@freebsd.org
Subject: Fwd: nmap not moving on after getting reset packets
Message-ID: <CAPuHEr7btsRMi6fo4nH2ObmLuoz3gThVRf%2BLzOKEHH-27=oOVg@mail.gmail.com>
In-Reply-To: <CAPuHEr5NgaBn4WunB9QV=iZRgQzFBCX6HbT6Hg%2BaPkZX8-Ctww@mail.gmail.com>
References: <CAPuHEr5NgaBn4WunB9QV=iZRgQzFBCX6HbT6Hg%2BaPkZX8-Ctww@mail.gmail.com>

In the course of trying to do some comprehensive scans at work, I discovered the following behavior:

nmap on SOURCE:

# nmap -Pn -sS -v -n --scan-delay 20ms -p 1-65535 TARGET
Starting Nmap 6.25 ( http://nmap.org ) at 2014-01-21 15:18 EST
Initiating SYN Stealth Scan at 15:18
Scanning TARGET [65535 ports]
Discovered open port 443/tcp on TARGET
Discovered open port 80/tcp on TARGET
Increasing send delay for TARGET from 20 to 40 due to max_successful_tryno increase to 4
Increasing send delay for TARGET from 40 to 80 due to 11 out of 16 dropped probes since last increase.
Increasing send delay for TARGET from 80 to 160 due to max_successful_tryno increase to 5
Increasing send delay for TARGET from 160 to 320 due to 11 out of 29 dropped probes since last increase.
SYN Stealth Scan Timing: About 2.67% done; ETC: 15:37 (0:18:51 remaining)
[ctrl-c]

tcpdump on SOURCE:

13:28:36.188904 IP SOURCE.59292 > TARGET.46181: Flags [S], seq 936512329, win 1024, options [mss 1460], length 0
13:28:36.209829 IP TARGET.46181 > SOURCE.59292: Flags [R.], seq 0, ack 936512330, win 1024, length 0
13:28:36.349905 IP SOURCE.59293 > TARGET.46181: Flags [S], seq 936577864, win 1024, options [mss 1460], length 0
13:28:36.370895 IP TARGET.46181 > SOURCE.59293: Flags [R.], seq 0, ack 936577865, win 1024, length 0
13:28:36.511905 IP SOURCE.59294 > TARGET.46181: Flags [S], seq 936381259, win 1024, options [mss 1460], length 0
13:28:36.537232 IP TARGET.46181 > SOURCE.59294: Flags [R.], seq 0, ack 936381260, win 1024, length 0
13:28:36.673905 IP SOURCE.59295 > TARGET.46181: Flags [S], seq 936446794, win 1024, options [mss 1460], length 0
13:28:36.694258 IP TARGET.46181 > SOURCE.59295: Flags [R.], seq 0, ack 936446795, win 1024, length 0

I'm checking on the nmap lists to see if this is expected behavior, but is it possible that something in the network stack is eating these packets between tcpdump and nmap? This is Nmap 6.25 on FreeBSD 9.2.

PS: Adding --max-rtt-timeout 600ms --max-scan-delay 600ms made no difference.
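
A way to check from the capture alone that every probe got a valid, timely reply, given here as an added example that is not part of the original post: it pairs each SYN with the RST/ACK whose ack number is the SYN's sequence number plus one and reports the round-trip time. The function name and regex are this example's own; the capture lines are the ones quoted in the message.

```python
import re
from datetime import datetime, timedelta

# tcpdump lines as quoted in the message (SOURCE/TARGET are the poster's redactions).
CAPTURE = """\
13:28:36.188904 IP SOURCE.59292 > TARGET.46181: Flags [S], seq 936512329, win 1024, options [mss 1460], length 0
13:28:36.209829 IP TARGET.46181 > SOURCE.59292: Flags [R.], seq 0, ack 936512330, win 1024, length 0
13:28:36.349905 IP SOURCE.59293 > TARGET.46181: Flags [S], seq 936577864, win 1024, options [mss 1460], length 0
13:28:36.370895 IP TARGET.46181 > SOURCE.59293: Flags [R.], seq 0, ack 936577865, win 1024, length 0
13:28:36.511905 IP SOURCE.59294 > TARGET.46181: Flags [S], seq 936381259, win 1024, options [mss 1460], length 0
13:28:36.537232 IP TARGET.46181 > SOURCE.59294: Flags [R.], seq 0, ack 936381260, win 1024, length 0
13:28:36.673905 IP SOURCE.59295 > TARGET.46181: Flags [S], seq 936446794, win 1024, options [mss 1460], length 0
13:28:36.694258 IP TARGET.46181 > SOURCE.59295: Flags [R.], seq 0, ack 936446795, win 1024, length 0
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\], "
    r"seq (?P<seq>\d+)(?:, ack (?P<ack>\d+))?"
)

def match_probes(text):
    """Return ([(probe source port, rtt in microseconds)], count of unanswered SYNs)."""
    pending = {}   # (src, sport, dst, dport, expected ack) -> time the SYN was sent
    answered = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["flags"] == "S":
            # A valid reply to a SYN acknowledges seq + 1 (mod 2**32).
            expected = (int(m["seq"]) + 1) % 2**32
            pending[(m["src"], m["sport"], m["dst"], m["dport"], expected)] = ts
        elif "R" in m["flags"] and m["ack"] is not None:
            # Look the reply up with the endpoints reversed.
            key = (m["dst"], m["dport"], m["src"], m["sport"], int(m["ack"]))
            sent = pending.pop(key, None)
            if sent is not None:
                rtt_us = (ts - sent) // timedelta(microseconds=1)
                answered.append((int(m["dport"]), rtt_us))
    return answered, len(pending)

if __name__ == "__main__":
    replies, unanswered = match_probes(CAPTURE)
    for port, rtt_us in replies:
        print(f"probe from port {port}: RST/ACK after {rtt_us / 1000:.3f} ms")
    print(f"unanswered SYNs in capture: {unanswered}")
```

On the quoted capture every SYN is matched by a correctly acknowledging RST within about 20 to 25 ms, far below the 600ms limits mentioned in the PS.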