Nmap - port redirection detection.

Not perfect! port redirection detection method, example:

nmap -sS -PN -n --max-parallelism 1 --packet-trace -p1723,3389 x.x.x.x
(where x.x.x.x is an IP address)

If SYN/ACK TTLs for both ports are different then sometimes it means that there is port redirection on a router. Also looking at TTL values you can identify the remote os (ex. TTL close to 128 it's probably MS Windows).

BTW. shorter version of --max-parallelism is -M. Maybe i'm wrong but -M is undocumented shortcut, I found it when I used --max-parallelism with 0 value, this caused error "Argument to -M must be at least 1!". :)


Post a Comment