Re: nmap inconsistent results - via intermedite router?

Thanks for persisting.

SSH-ing into the remote machine (on the internet), I setup
this...(where source=home machine's internet ip, and dest=remote
machine's ip)

/home/adam# tcpdump -n -i eth0 | grep 5190
tcpdump: verbose output suppressed, use -v or -vv for full protocol
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
01:46:55.095342 IP source.2226 > dest.5190: S 4260908126:4260908126(0)
win 5808 <mss 1452,sackOK,timestamp 17554350 0,nop,wscale 0>
01:46:55.095396 IP dest.5190 > source.2226: R 0:0(0) ack 4260908127 win

On my local machine (behind the netgear router) I did this...
mirror:~# telnet dest 5190
Trying dest...
Connected to dest.
Escape character is '^]'.
Connection closed by foreign host.

I guess this is good - but not sure about the result. I do not have a
firewall on the remote machine.


Moe Trin wrote:
On 27 Feb 2006, in the Usenet newsgroup, in article
<1141027610.831687.122560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ads wrote:

I had a look at tcpdump and don't particularly want to understand at
that low level just yet. I'll take a look at it again in a few weeks.

Assuming that it's 5190/tcp that is open, on your local system start
'tcpdump -n -i eth0' (correct the interface as required). Then, simply
issue the command 'telnet remote_host 5190' and look at the tcpdump
output. Who is responding - what address?

I need to move on and for now, I'm happy to trust nmap! - so I'll just
continue to use if from the remote machine rather than try it from my
home machine.

Remember that it _can_ be confused.

netstat has never shown anything listening on 5190.

That's the good news. But what is responding?

Old guy