Re: nmap inconsistent results - via intermedite router?



On 27 Feb 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1141027610.831687.122560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ads wrote:

I had a look at tcpdump and don't particularly want to understand at
that low level just yet. I'll take a look at it again in a few weeks.

Assuming that it's 5190/tcp that is open, on your local system start
'tcpdump -n -i eth0' (correct the interface as required). Then, simply
issue the command 'telnet remote_host 5190' and look at the tcpdump
output. Who is responding - what address?

I need to move on and for now, I'm happy to trust nmap! - so I'll just
continue to use if from the remote machine rather than try it from my
home machine.

Remember that it _can_ be confused.

netstat has never shown anything listening on 5190.

That's the good news. But what is responding?

Old guy
.