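The book says that in an ACK scan, if the target port is open, the TTL of the returned RST packet should be less than or equal to 64, and a larger value means the port is not open.
But when I scanned two machines in the same class C subnet from Kali, I found:
Scanning an open port (80) on the Windows host, the RST packet had TTL=128, window=32767; scanning a closed port (11987), the RST packet had TTL=128, window=32767.
Scanning an open port (22) on the Linux host (Ubuntu 16.04), the RST packet had TTL=64, window=0; scanning a closed port (12339), the RST packet had TTL=64, window=0.
How can this be explained?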
It is not that less than or equal to 64 equals an open port. It sends ACK packets to a bunch of ports on a machine at the same time. If the TTL in the RST returned by a certain port is obviously smaller than others, it means that this port may be open.
As for the case of 128/64, it is because the default TTL values of *nix and Windows are different. Generally speaking, it can be considered that the default TTL value of *nix is 64 and that of Windows is 128. (There will be differences depending on different system/kernel versions)
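The relative comparison described in the answer, applied to the readings from the question, as an added example that is not part of the original thread. The function names, the `min_gap` threshold and the third sample set are assumptions made for illustration; the code only analyses recorded (port, TTL) pairs.

```python
from statistics import median

# Default initial TTLs named in the answer: 64 for *nix, 128 for Windows.
OS_BY_INITIAL_TTL = {64: "*nix", 128: "Windows"}

def initial_ttl(observed):
    """Round an observed TTL up to the nearest default initial TTL."""
    for base in sorted(OS_BY_INITIAL_TTL):
        if observed <= base:
            return base
    return None  # above 128: not covered by the two defaults in the answer

def analyse(rsts, min_gap=2):
    """rsts: (port, ttl) pairs taken from the RST replies of ONE host.

    A port is flagged only when its TTL is clearly lower than the host's
    own baseline (hypothetical threshold: min_gap), never against a fixed 64.
    """
    ttls = [ttl for _, ttl in rsts]
    baseline = median(ttls)
    low = sorted(port for port, ttl in rsts if baseline - ttl >= min_gap)
    return {
        "baseline_ttl": baseline,
        "low_ttl_ports": low,
        # Heuristic only: defaults vary with system/kernel version.
        "os_guess": OS_BY_INITIAL_TTL.get(initial_ttl(max(ttls)), "unknown"),
    }

# Readings reported in the question (window values omitted).
WINDOWS_HOST = [(80, 128), (11987, 128)]
LINUX_HOST = [(22, 64), (12339, 64)]
# Constructed sample: one port answers with a noticeably lower TTL.
CONSTRUCTED = [(21, 64), (22, 64), (23, 64), (80, 58)]

if __name__ == "__main__":
    for name, data in [("windows", WINDOWS_HOST), ("linux", LINUX_HOST),
                       ("constructed", CONSTRUCTED)]:
        print(name, analyse(data))
```

For both hosts in the question every RST carries the same TTL, so no port stands out and the only thing the TTL reveals is the likely operating system family.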