On Wed, Oct 03, 2001 at 12:52:51PM -0300, Rosenau wrote:
>
> Nmap seems to report both cases simply as "filtered". Actually, both cases
> are filtered, but when you receive an ICMP, you can be sure that the port is
> really filtered. If you do not receive anything, the port could be filtered,
> or packets could have been lost...

For what it is worth, Nmap always retries ports that do not respond. It only marks them "filtered" after multiple probes fail to elicit any response. If lost packets are detected (for example if Nmap receives a response to the second probe but not the first one), then the number of retries is increased dramatically. Thus it is unlikely that an open port will be mislabeled "filtered" because of a few dropped packets.

That being said, I agree that knowing the source of ICMP error messages is handy and I am hoping to add that to the XML output format at some point. If you want it really soon, you are welcome to make the (relatively simple) changes yourself. That is the beauty of open source! If you send me your patches, I will consider them for the core Nmap tree so that everyone can benefit from them.

Cheers,
Fyodor
http://www.insecure.org/
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 15:50:49 PDT