output from nmap

27/07/2007, 02h10

Folk,

I can use a little to understand the following output
from nmap.

As far as I can discern, IOD = Initial Object Descriptor
and EID = Endpoint Identifier. So does this show that
the UDP packet is getting past IOD #1? What about
IOD #2?

What are EID 8, EID 18 & etc.?

Thanks, ... Peter E.

newton:~# nmap -sU -p1194 --packet-trace peasthope.yi.org

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-07-25 08:18 PDT
SENT (5.1360s) ICMP 137.82.26.91 > 139.142.97.80 Echo request (type=8/code=0) ttl=59 id=24449 iplen=28
SENT (5.1360s) TCP 137.82.26.91:43568 > 139.142.97.80:80 A ttl=43 id=18482 iplen=40 seq=4225371038 win=4096 ack=324668318
RCVD (5.1380s) TCP 139.142.97.80:80 > 137.82.26.91:43568 RA ttl=255 id=54305 iplen=40 seq=324668318 win=4096 ack=4225371038
NSOCK (5.2490s) UDP connection requested to 137.82.1.1:53 (IOD #1) EID 8
NSOCK (5.2490s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 18
NSOCK (5.2500s) UDP connection requested to 137.82.26.240:53 (IOD #2) EID 24
NSOCK (5.2500s) Read request from IOD #2 [137.82.26.240:53] (timeout: -1ms) EID 34
NSOCK (5.2500s) Write request for 44 bytes to IOD #1 EID 43 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa.....
NSOCK (5.2510s) nsock_loop() started (timeout=500ms). 5 events pending
NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 24 [137.82.26.240:53]
NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 8 [137.82.1.1:53]
NSOCK (5.2520s) Callback: WRITE SUCCESS for EID 43 [137.82.1.1:53]
NSOCK (5.7540s) nsock_loop() started (timeout=500ms). 2 events pending
NSOCK (6.2540s) nsock_loop() started (timeout=500ms). 2 events pending
NSOCK (6.7540s) nsock_loop() started (timeout=500ms). 2 events pending
NSOCK (7.2540s) nsock_loop() started (timeout=495ms). 2 events pending
NSOCK (7.7500s) Write request for 44 bytes to IOD #1 EID 51 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa.....
NSOCK (7.7510s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (7.7510s) Callback: WRITE SUCCESS for EID 51 [137.82.1.1:53]
NSOCK (7.8210s) Callback: READ SUCCESS for EID 18 [137.82.1.1:53] (123 bytes)
NSOCK (7.8210s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 58
SENT (7.8390s) UDP 137.82.26.91:43548 > 139.142.97.80:1194 ttl=59 id=39917 iplen=28
SENT (7.9440s) UDP 137.82.26.91:43549 > 139.142.97.80:1194 ttl=42 id=61356 iplen=28
Interesting ports on 139.142.97.80:
PORT STATE SERVICE
1194/udp open|filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 8.165 seconds
newton:~#

http://carnot.pathology.ubc.ca/

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

27/07/2007, 02h40

On Thu, 26 Jul 2007, PETER EASTHOPE wrote:

> Folk,
>
> I can use a little to understand the following output
> from nmap.
>
> As far as I can discern, IOD = Initial Object Descriptor
> and EID = Endpoint Identifier. So does this show that
> the UDP packet is getting past IOD #1? What about
> IOD #2?
>
> What are EID 8, EID 18 & etc.?
>
> Thanks, ... Peter E.
>
> newton:~# nmap -sU -p1194 --packet-trace peasthope.yi.org
>
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-07-25 08:18 PDT
> SENT (5.1360s) ICMP 137.82.26.91 > 139.142.97.80 Echo request (type=8/code=0) ttl=59 id=24449 iplen=28
> SENT (5.1360s) TCP 137.82.26.91:43568 > 139.142.97.80:80 A ttl=43 id=18482 iplen=40 seq=4225371038 win=4096 ack=324668318
> RCVD (5.1380s) TCP 139.142.97.80:80 > 137.82.26.91:43568 RA ttl=255 id=54305 iplen=40 seq=324668318 win=4096 ack=4225371038
> NSOCK (5.2490s) UDP connection requested to 137.82.1.1:53 (IOD #1) EID 8
> NSOCK (5.2490s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 18
> NSOCK (5.2500s) UDP connection requested to 137.82.26.240:53 (IOD #2) EID 24
> NSOCK (5.2500s) Read request from IOD #2 [137.82.26.240:53] (timeout: -1ms) EID 34
> NSOCK (5.2500s) Write request for 44 bytes to IOD #1 EID 43 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa.....
> NSOCK (5.2510s) nsock_loop() started (timeout=500ms). 5 events pending
> NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 24 [137.82.26.240:53]
> NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 8 [137.82.1.1:53]
> NSOCK (5.2520s) Callback: WRITE SUCCESS for EID 43 [137.82.1.1:53]
> NSOCK (5.7540s) nsock_loop() started (timeout=500ms). 2 events pending
> NSOCK (6.2540s) nsock_loop() started (timeout=500ms). 2 events pending
> NSOCK (6.7540s) nsock_loop() started (timeout=500ms). 2 events pending
> NSOCK (7.2540s) nsock_loop() started (timeout=495ms). 2 events pending
> NSOCK (7.7500s) Write request for 44 bytes to IOD #1 EID 51 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa.....
> NSOCK (7.7510s) nsock_loop() started (timeout=500ms). 3 events pending
> NSOCK (7.7510s) Callback: WRITE SUCCESS for EID 51 [137.82.1.1:53]
> NSOCK (7.8210s) Callback: READ SUCCESS for EID 18 [137.82.1.1:53] (123 bytes)
> NSOCK (7.8210s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 58
> SENT (7.8390s) UDP 137.82.26.91:43548 > 139.142.97.80:1194 ttl=59 id=39917 iplen=28
> SENT (7.9440s) UDP 137.82.26.91:43549 > 139.142.97.80:1194 ttl=42 id=61356 iplen=28
> Interesting ports on 139.142.97.80:
> PORT STATE SERVICE
> 1194/udp open|filtered unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 8.165 seconds
> newton:~#
>
>
>
> http://carnot.pathology.ubc.ca/
>

Looks like nmap made a dns request ..

-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

27/07/2007, 02h10	#1
PETER EASTHOPE Messages: n/a Hébergeur:	output from nmap Folk, I can use a little to understand the following output from nmap. As far as I can discern, IOD = Initial Object Descriptor and EID = Endpoint Identifier. So does this show that the UDP packet is getting past IOD #1? What about IOD #2? What are EID 8, EID 18 & etc.? Thanks, ... Peter E. newton:~# nmap -sU -p1194 --packet-trace peasthope.yi.org Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-07-25 08:18 PDT SENT (5.1360s) ICMP 137.82.26.91 > 139.142.97.80 Echo request (type=8/code=0) ttl=59 id=24449 iplen=28 SENT (5.1360s) TCP 137.82.26.91:43568 > 139.142.97.80:80 A ttl=43 id=18482 iplen=40 seq=4225371038 win=4096 ack=324668318 RCVD (5.1380s) TCP 139.142.97.80:80 > 137.82.26.91:43568 RA ttl=255 id=54305 iplen=40 seq=324668318 win=4096 ack=4225371038 NSOCK (5.2490s) UDP connection requested to 137.82.1.1:53 (IOD #1) EID 8 NSOCK (5.2490s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 18 NSOCK (5.2500s) UDP connection requested to 137.82.26.240:53 (IOD #2) EID 24 NSOCK (5.2500s) Read request from IOD #2 [137.82.26.240:53] (timeout: -1ms) EID 34 NSOCK (5.2500s) Write request for 44 bytes to IOD #1 EID 43 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa..... NSOCK (5.2510s) nsock_loop() started (timeout=500ms). 5 events pending NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 24 [137.82.26.240:53] NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 8 [137.82.1.1:53] NSOCK (5.2520s) Callback: WRITE SUCCESS for EID 43 [137.82.1.1:53] NSOCK (5.7540s) nsock_loop() started (timeout=500ms). 2 events pending NSOCK (6.2540s) nsock_loop() started (timeout=500ms). 2 events pending NSOCK (6.7540s) nsock_loop() started (timeout=500ms). 2 events pending NSOCK (7.2540s) nsock_loop() started (timeout=495ms). 2 events pending NSOCK (7.7500s) Write request for 44 bytes to IOD #1 EID 51 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa..... NSOCK (7.7510s) nsock_loop() started (timeout=500ms). 3 events pending NSOCK (7.7510s) Callback: WRITE SUCCESS for EID 51 [137.82.1.1:53] NSOCK (7.8210s) Callback: READ SUCCESS for EID 18 [137.82.1.1:53] (123 bytes) NSOCK (7.8210s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 58 SENT (7.8390s) UDP 137.82.26.91:43548 > 139.142.97.80:1194 ttl=59 id=39917 iplen=28 SENT (7.9440s) UDP 137.82.26.91:43549 > 139.142.97.80:1194 ttl=42 id=61356 iplen=28 Interesting ports on 139.142.97.80: PORT STATE SERVICE 1194/udp open\|filtered unknown Nmap finished: 1 IP address (1 host up) scanned in 8.165 seconds newton:~# http://carnot.pathology.ubc.ca/ -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

27/07/2007, 02h40	#2
Jeff D Messages: n/a Hébergeur:	Re: output from nmap On Thu, 26 Jul 2007, PETER EASTHOPE wrote: > Folk, > > I can use a little to understand the following output > from nmap. > > As far as I can discern, IOD = Initial Object Descriptor > and EID = Endpoint Identifier. So does this show that > the UDP packet is getting past IOD #1? What about > IOD #2? > > What are EID 8, EID 18 & etc.? > > Thanks, ... Peter E. > > newton:~# nmap -sU -p1194 --packet-trace peasthope.yi.org > > Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-07-25 08:18 PDT > SENT (5.1360s) ICMP 137.82.26.91 > 139.142.97.80 Echo request (type=8/code=0) ttl=59 id=24449 iplen=28 > SENT (5.1360s) TCP 137.82.26.91:43568 > 139.142.97.80:80 A ttl=43 id=18482 iplen=40 seq=4225371038 win=4096 ack=324668318 > RCVD (5.1380s) TCP 139.142.97.80:80 > 137.82.26.91:43568 RA ttl=255 id=54305 iplen=40 seq=324668318 win=4096 ack=4225371038 > NSOCK (5.2490s) UDP connection requested to 137.82.1.1:53 (IOD #1) EID 8 > NSOCK (5.2490s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 18 > NSOCK (5.2500s) UDP connection requested to 137.82.26.240:53 (IOD #2) EID 24 > NSOCK (5.2500s) Read request from IOD #2 [137.82.26.240:53] (timeout: -1ms) EID 34 > NSOCK (5.2500s) Write request for 44 bytes to IOD #1 EID 43 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa..... > NSOCK (5.2510s) nsock_loop() started (timeout=500ms). 5 events pending > NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 24 [137.82.26.240:53] > NSOCK (5.2520s) Callback: CONNECT SUCCESS for EID 8 [137.82.1.1:53] > NSOCK (5.2520s) Callback: WRITE SUCCESS for EID 43 [137.82.1.1:53] > NSOCK (5.7540s) nsock_loop() started (timeout=500ms). 2 events pending > NSOCK (6.2540s) nsock_loop() started (timeout=500ms). 2 events pending > NSOCK (6.7540s) nsock_loop() started (timeout=500ms). 2 events pending > NSOCK (7.2540s) nsock_loop() started (timeout=495ms). 2 events pending > NSOCK (7.7500s) Write request for 44 bytes to IOD #1 EID 51 [137.82.1.1:53]: .............80.97.142.139.in-addr.arpa..... > NSOCK (7.7510s) nsock_loop() started (timeout=500ms). 3 events pending > NSOCK (7.7510s) Callback: WRITE SUCCESS for EID 51 [137.82.1.1:53] > NSOCK (7.8210s) Callback: READ SUCCESS for EID 18 [137.82.1.1:53] (123 bytes) > NSOCK (7.8210s) Read request from IOD #1 [137.82.1.1:53] (timeout: -1ms) EID 58 > SENT (7.8390s) UDP 137.82.26.91:43548 > 139.142.97.80:1194 ttl=59 id=39917 iplen=28 > SENT (7.9440s) UDP 137.82.26.91:43549 > 139.142.97.80:1194 ttl=42 id=61356 iplen=28 > Interesting ports on 139.142.97.80: > PORT STATE SERVICE > 1194/udp open\|filtered unknown > > Nmap finished: 1 IP address (1 host up) scanned in 8.165 seconds > newton:~# > > > > http://carnot.pathology.ubc.ca/ > Looks like nmap made a dns request .. -+- 8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email