flag) is received in response. This can be due to an extremely rare TCP feature
known as a simultaneous open or split handshake connection.
see http://nmap.org/misc/split-handshake.pdf
Added a reason code: ER_SYN and associated reason string: "split-handshake-syn".
changes. The first is that Port objects don't allocate memory for
service and RPC results unless that information is set. This reduces the
size of a bare Port from 92 to 40 bytes on my machine. The second change
is that PortList now has the notion of a "default port state," which is
the state of any ports that didn't receive a response. These ports don't
need an allocated Port object, which saves a lot of memory in scans
where most ports didn't get a response.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
scans. This is the code that prints
Host ... appears to be up.
Host ... appears to be down.
Host ... appears to be up ... good.
Host ... appears to be down, skipping it
Except that now these messages are uniform and are
Host ... is up.
Host ... is down.
In addition, the host state --reason information is printed for port
scans just as for ping scans, which appears to have been an oversight
before.
