In other words, if I have the following Portscan options set..
Nmapand am scanning all 65535 ports, I will hit each TCP port 3 seperate times?
SYN Scan
TCP connect()
I did this test on my home network, scanning a host that was up and looking for port #1 (which wasn't open)
[EMAIL PROTECTED] sck]$ sudo /usr/sbin/tcpdump -i eth1 host 192.168.8.2 and port 1And I hit the same port, with different port scan types, mind you.
tcpdump: listening on eth1
13:01:33.539232 192.168.8.4.5063 > 192.168.8.2.1: S 3489694628:3489694628(0) win 16
13:01:33.539389 192.168.8.2.1 > 192.168.8.4.5063: R 0:0(0) ack 3489694629 win 0
13:02:52.731028 192.168.8.4.34805 > 192.168.8.2.1: S 4056410470:4056410470(0) win 5840 <mss 1460,sackOK,timestamp 960428924 0,nop,wscale 0> (DF)
13:02:52.731305 192.168.8.2.1 > 192.168.8.4.34805: R 0:0(0) ack 4056410471 win 0
13:03:05.537007 192.168.8.4.53241 > 192.168.8.2.1: S 4071254978:4071254978(0) win 5840 <mss 1460,sackOK,timestamp 960435481 0,nop,wscale 0> (DF)
13:03:05.537325 192.168.8.2.1 > 192.168.8.4.53241: R 0:0(0) ack 4071254979 win 0
Scott
