Saturday, June 19, 2010

SYN + RST tcp flag = close port

The port is closed if SYN packet sent from source replied with RST packet from the destination.
 
The port is open if SYN packet sent from source replied with SYN/ACK packet from the destination.See TCP Three Way Handshake

In this example, source, 192.168.0.5 send SYN packet to the destination, 192.168.0.3.
Destination, 192.168.0.3 reply to source, 192.168.0.5 with RST packet
It means that http service or TCP80 is not listening at the destination, 192.168.0.3

Source        Destination   Summary 
--------------------------------------------------------------------------------------
[192.168.0.5] [192.168.0.3] TCP: D=80 S=44545 SYN SEQ=3017830046 LEN=0 WIN=4096
[192.168.0.3] [192.168.0.5] TCP: D=44545 S=80 RST ACK=3017830047 WIN=0

Reference:
http://www.networkuptime.com/nmap/page4-5.shtml
Posted by at
Labels:

2 comments:

Subscribe to: Post Comments (Atom)

Related post:

Related Posts with Thumbnails