In theory, the 2 byte allocation for dst ports in the tcp header tcp[2:2]
would allow for 0xFFFF or 65535 ports.
To the question... I would run a sniffer on the nessusd box (tcpdump) to
determine what the scanner is really doing. Also check
/usr/local/var/nessus/logs/nessusd.messages (default)
Good luck.
"Gilbert, Austin"
<[EMAIL PROTECTED] To: "'Chris'"
<[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'"
g> <[EMAIL PROTECTED]>
Sent by: cc:
owner-nessus@list Subject: RE: Nessus scans seem to just
"die"
.nessus.org
11/06/2002 04:44
PM
Hmmm... Aren't there only 65355 ports??
-----Original Message-----
From: Chris [mailto:brahma@;mendolink.com]
Sent: Wednesday, November 06, 2002 4:39 PM
To: [EMAIL PROTECTED]
Subject: Nessus scans seem to just "die"
When I set the port range to scan to 1-65535 the scan will start but
the progress bars do nothing. Sometimes the port scan progress bar
will fill up then disappear then the attack bar will fill up about 1
notch and it will sit on one random scan. As far as I can tell the
process is still running and responding to the system just nothing is
going out. I am scanning machines with no firewalls so it doesn't
seem to be an issue with it hanging on not getting an ICMP back.
Although that as well is a problem. I try and scan machines that have
ICMP blocked but open ports in high to low ranges 1-65535 etc. I turn
off ping host and all the TCP and ICMP pings that nessus would do.
Try and scan with a small range or large and it again does nothing and
shows no results. Sorry for mashing to problems into one but they
seemed as if maybe they could be suffering the same problem. I recall
when I first visited nessus.org and was reading through something said
"if nessus is running slow change so and so to 5" but I can't seem to
find that text now.
Thank You,
Chris D.
Network Security
Mendo Link, LLC
"An Ounce Of Prevention Is Worth A Pound Of Cure."
Om Namo Narayanaya
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
IMPORTANT NOTICE:
This message is intended only for the use of the individual or entity
to which it is addressed and may contain information that is
privileged, confidential and exempt from disclosure under applicable
law. If you have received this message in error, you are hereby
notified that we do not consent to any reading, dissemination,
distribution or copying of this message. If you have received this
communication in error, please notify the sender immediately and
destroy the transmitted information.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
