mirror of https://github.com/nmap/nmap.git synced 2026-01-05 22:19:03 +00:00

Update the refguide (man page) to note our new (soon-to-be) support for TCP simultaneous-open/split-handshake connections

This commit is contained in:
fyodor
2010-06-08 00:47:08 +00:00
parent 58e1d664a6
commit 77ef606d52
2 changed files with 9 additions and 8 deletions

View File

@@ -2,12 +2,12 @@
.\" Title: nmap
.\" Author: [see the "Author" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: 05/28/2010
.\" Date: 06/07/2010
.\" Manual: Nmap Reference Guide
.\" Source: Nmap
.\" Language: English
.\"
.TH "NMAP" "1" "05/28/2010" "Nmap" "Nmap Reference Guide"
.TH "NMAP" "1" "06/07/2010" "Nmap" "Nmap Reference Guide"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
@@ -659,13 +659,14 @@ is a prominent character in the scan name, usually the first\&. The one exceptio
.PP
\fB\-sS\fR (TCP SYN scan) .\" -sS .\" SYN scan
.RS 4
SYN scan is the default and most popular scan option for good reasons\&. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls\&. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections\&. It also works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap\'s FIN/NULL/Xmas, Maimon and idle scans do\&. It also allows clear, reliable differentiation between the
SYN scan is the default and most popular scan option for good reasons\&. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls\&. It is also relatively unobtrusive and stealthy since it never completes TCP connections\&. SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap\'s FIN/NULL/Xmas, Maimon and idle scans do\&. It also allows clear, reliable differentiation between the
open,
closed, and
filtered
states\&.
.sp
This technique is often referred to as half\-open scanning, because you don\'t open a full TCP connection\&. You send a SYN packet, as if you are going to open a real connection and then wait for a response\&. A SYN/ACK indicates the port is listening (open), while a RST (reset) is indicative of a non\-listener\&. If no response is received after several retransmissions, the port is marked as filtered\&. The port is also marked filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) is received\&.
This technique is often referred to as half\-open scanning, because you don\'t open a full TCP connection\&. You send a SYN packet, as if you are going to open a real connection and then wait for a response\&. A SYN/ACK indicates the port is listening (open), while a RST (reset) is indicative of a non\-listener\&. If no response is received after several retransmissions, the port is marked as filtered\&. The port is also marked filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) is received\&. The port is also considered open if a SYN packet (without the ACK flag) is received in response\&. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection (see
\m[blue]\fB\%http://nmap.org/misc/split-handshake.pdf\fR\m[])\&.
.RE
.PP
\fB\-sT\fR (TCP connect scan) .\" -sT .\" connect scan
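Review bot: the sentence added to the -sS description ("The port is also considered open if a SYN packet (without the ACK flag) is received in response") documents behaviour in the present tense, while the commit message describes the simultaneous-open handling as soon-to-be support; either land this paragraph together with the code that implements it, or phrase it so the reference guide does not describe a classification rule Nmap does not yet apply. Since the file header shows this roff is generated by DocBook XSL from the XML source, keep it strictly a regeneration of the XML change rather than a hand edit, so the two stay in sync.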

View File

@@ -1132,9 +1132,9 @@ scans.</para>
<para>SYN scan is the default and most popular scan option for good
reasons. It can be performed quickly, scanning thousands of ports per
second on a fast network not hampered by restrictive firewalls. SYN scan
is relatively unobtrusive and stealthy, since it never completes TCP
connections. It also works against any compliant TCP stack rather
second on a fast network not hampered by restrictive firewalls. It is also
relatively unobtrusive and stealthy since it never completes TCP
connections. SYN scan works against any compliant TCP stack rather
than depending on idiosyncrasies of specific platforms as Nmap's
FIN/NULL/Xmas, Maimon and idle scans do. It also allows clear,
reliable differentiation between the <literal>open</literal>,
@@ -1148,7 +1148,7 @@ response. A SYN/ACK indicates the port is listening (open), while a
RST (reset) is indicative of a non-listener. If no response is
received after several retransmissions, the port is marked as
filtered. The port is also marked filtered if an ICMP unreachable
error (type 3, code 1, 2, 3, 9, 10, or 13) is received.</para>
error (type 3, code 1, 2, 3, 9, 10, or 13) is received. The port is also considered open if a SYN packet (without the ACK flag) is received in response. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection (see <ulink url="http://nmap.org/misc/split-handshake.pdf"/>).</para>
</listitem>
</varlistentry>
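Review bot: the new DocBook sentence is appended to one long line, whereas the rest of this <para> is hand-wrapped at roughly 70 columns; wrap it to match the surrounding source, for example "error (type 3, code 1, 2, 3, 9, 10, or 13) is received. The port is" / "also considered open if a SYN packet (without the ACK flag) is received" / "in response. This can be due to an extremely rare TCP feature known as a", with the <ulink url="http://nmap.org/misc/split-handshake.pdf"/> on its own wrapped line. The wording itself matches the roff hunk above, so no content change is needed here.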