The IP Protocol Scans attempt to determine the IP protocols supported on atarget. Nmap sends a raw IP packet without any additional protocol header (seea good TCP/IP book for information about IP packets), to each protocol on thetarget machine. Receipt of an ICMP Protocol Unreachable message tells us theprotocol is not in use, otherwise it is assumed open. Not all hosts send ICMPProtocol Unreachable messages. These may include firewalls, AIX, HP-UX andDigital UNIX). These machines will report all protocols open.
This scan type also falls victim to the ICMP limiting rate described in theUDP scans section, however since only 256 protocols are possible (8-bit field forIP protocol in the IP header) it should not take too long.Results of an -sO on my Linux workstation are included below.
1 [chaos]# nmap -sO 127.0.0.1
2
3 Starting Nmap 4.01 at 2006-07-14 12:56 BST
4 Interesting protocols on chaos(127.0.0.1):8
5 (The 251 protocols scanned but not shown below are
6 in state: closed)
7 PROTOCOL STATE SERVICE
8 1 open icmp
9 2 open|filtered igmp
10 6 open tcp
11 17 open udp
12 255 open|filtered unknown
13
14 Nmap finished: 1 IP address (1 host up) scanned in
15 1.259 seconds
1 [chaos]# nmap -sO 127.0.0.1
2
3 Starting Nmap 4.01 at 2006-07-14 12:56 BST
4 Interesting protocols on chaos(127.0.0.1):8
5 (The 251 protocols scanned but not shown below are
6 in state: closed)
7 PROTOCOL STATE SERVICE
8 1 open icmp
9 2 open|filtered igmp
10 6 open tcp
11 17 open udp
12 255 open|filtered unknown
13
14 Nmap finished: 1 IP address (1 host up) scanned in
15 1.259 seconds
Comments :
Post a Comment