Re: nmap inconsistent results - via intermedite router?

Thanks for persisting.

SSH-ing into the remote machine (on the internet), I setup
this...(where source=home machine's internet ip, and dest=remote
machine's ip)

/home/adam# tcpdump -n -i eth0 | grep 5190
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
01:46:55.095342 IP source.2226 > dest.5190: S 4260908126:4260908126(0)
win 5808 <mss 1452,sackOK,timestamp 17554350 0,nop,wscale 0>
01:46:55.095396 IP dest.5190 > source.2226: R 0:0(0) ack 4260908127 win
0

On my local machine (behind the netgear router) I did this...
mirror:~# telnet dest 5190
Trying dest...
Connected to dest.
Escape character is '^]'.
Connection closed by foreign host.

I guess this is good - but not sure about the result. I do not have a
firewall on the remote machine.

Regards,
ads

Moe Trin wrote:
> On 27 Feb 2006, in the Usenet newsgroup comp.security.firewalls, in article
> <1141027610.831687.122560@e56g2000cwe.googlegroups.com>, ads wrote:
>
> >I had a look at tcpdump and don't particularly want to understand at
> >that low level just yet. I'll take a look at it again in a few weeks.
>
> Assuming that it's 5190/tcp that is open, on your local system start
> 'tcpdump -n -i eth0' (correct the interface as required). Then, simply
> issue the command 'telnet remote_host 5190' and look at the tcpdump
> output. Who is responding - what address?
>
> >I need to move on and for now, I'm happy to trust nmap! - so I'll just
> >continue to use if from the remote machine rather than try it from my
> >home machine.
>
> Remember that it _can_ be confused.
>
> >netstat has never shown anything listening on 5190.
>
> That's the good news. But what is responding?
>
> Old guy
Received on Mon May 1 00:53:35 2006