nmap

gojericho0gojericho0 Member Posts: 1,059 ■■■□□□□□□□
in CHFI
Why is the -sS command during an nmap scan considered stealth? I realize it sends just a syn packet, but can't the recieving computer see the source IP of the syn packet? If not if anyone could diagram what the packet looks like that would be great

Thanks!
· Share on FacebookShare on Twitter

Comments

  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Because it sends a SYN, waits for a SYN/ACK, and drops the connection, unlike a Connect scan, which goes through the entire 3 way handshake. A lot of machines/firewalls don't log incomplete sessions, hence it is considered stealth.

    You can also spoof your IP in nmap. However, if you don't and someone just happens to be sniffing the traffic, then I would assume you could get an IP, yes. However, if it's not logged, the chances of someone watching at that exact moment are slim.


    As far as I know, nmap is not on Security+. You're getting into CEH material. icon_wink.gif
    · Share on FacebookShare on Twitter
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Great paper by Fyodor.

    http://www.insecure.org/nmap/nmap_doc.html
    · Share on FacebookShare on Twitter
  • gojericho0gojericho0 Member Posts: 1,059 ■■■□□□□□□□
    Thanks for the link it was quite helpful :)
    · Share on FacebookShare on Twitter
Sign In or Register to comment.