How does nmap determine a port is tcpwrapped?
I am scanning a system and nmap reports about 3/4 of the ports are tcpwrapped. Does anyone know how does nmap determines this? receiving no response to a SYN packet should indicate a firewall probably blocking, thus giving a "Filtered" response. Receiving a RST packet back should indicate a closed port, so what indicates a tcpwrapped port?
|
a tcpwrapped port will go through the full handshake before closing since the wrapper happens after a connect, whereas a closed port gets an immediate reset from the kernel
|
@gsmith: the previous poster's explanation sounds reasonable.
I would also recommend that you observe the packets yourself with tcpdump(8) while performing a scan. Look at the packets for an open port and then compare those with the packets for a "tcpwrapped" port. |
All times are GMT -5. The time now is 02:52 PM. |