hi folks,
as some of you might know, i am developing a networkanalysis tool that should also have some portscanning features. i've already implemented an ordinary connect scan and a syn stealh scan. i know that the idea behind a fin stealth scan is to send a packet with just the fin flag set and look what is coming back. as stated in the tcp rfc this should be a reset (rst) if the port is closed. my problem is now that if i want to scan that scanner stops (it does not realy stop but because i capture the packets through an endless loop without having a timeout mechanism installed you can imagine what happens!) if it comes to scan the ssh port. why that ? if some of you have some good sources please let me know.
