"Real" half open request
Hello there.
It's not a real issue, but since I would like to implement my own Golang-based network scanner, I wish to open a discussion about silent port scans.
From my point of view, a silent, half-open port scan cuts the connection after receiving the SYN-ACK flag packet. Therefore, no real connection is established to the host and the port scan is actually a lot harder to detect.
You had implemented your port scan with the net package and the connectTimeout function. As I understood it, this establishes a real TCP connection. It's a lot easier to implement, but my ambition is thrilled: is it also possible in Go to implement a real half-open port scan?
I will do some more research and maybe in the near future I will get an answer.
I'm not an expert, but as far as I can see, furious does half-open requests.
No. Time Source Destination Protocol Length Info
171 9.215780329 192.168.38.120 192.168.38.163 TCP 60 40637 → 8080 [SYN] Seq=0 Win=0 Len=0
173 0.004814159 192.168.38.120 192.168.38.163 TCP 54 40637 → 8080 [RST] Seq=1 Win=0 Len=0
The traffic observed for nmap -sS looks identical, except that nmap includes MSS:
No. Time Source Destination Protocol Length Info
61 0.000000000 192.168.38.120 192.168.38.163 TCP 58 64615 → 8080 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
63 0.002506440 192.168.38.120 192.168.38.163 TCP 54 64615 → 8080 [RST] Seq=1 Win=0 Len=0
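As an added example (not code from this thread or from furious), here is a small Go detector that replays tshark-style lines like the ones quoted above and flags flows with the half-open signature: the client sends SYN, later RST, and never an ACK. The sample capture is constructed: it reuses the quoted furious and nmap lines and adds one ordinary client (192.168.38.50) that completes its handshake, so it is not flagged.

```go
package main

import "strings"

// Constructed sample: the furious and nmap -sS lines quoted in the thread, plus a
// normal client (192.168.38.50) that completes its handshake, for contrast.
const sample = `171 9.215780329 192.168.38.120 192.168.38.163 TCP 60 40637 → 8080 [SYN] Seq=0 Win=0 Len=0
173 0.004814159 192.168.38.120 192.168.38.163 TCP 54 40637 → 8080 [RST] Seq=1 Win=0 Len=0
61 0.000000000 192.168.38.120 192.168.38.163 TCP 58 64615 → 8080 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
63 0.002506440 192.168.38.120 192.168.38.163 TCP 54 64615 → 8080 [RST] Seq=1 Win=0 Len=0
90 1.000000000 192.168.38.50 192.168.38.163 TCP 74 51000 → 8080 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
92 1.000300000 192.168.38.50 192.168.38.163 TCP 66 51000 → 8080 [ACK] Seq=1 Ack=1 Win=64256 Len=0`

type flow struct{ src, sport, dst, dport string }

// parse reads one tshark-style line (No. Time Src Dst Proto Len Info) and returns
// the client-to-server flow plus the flag list between the brackets, e.g. "SYN".
func parse(line string) (flow, string, bool) {
	f := strings.Fields(line)
	if len(f) < 10 || f[4] != "TCP" || f[7] != "→" {
		return flow{}, "", false
	}
	info := strings.Join(f[9:], " ")
	a, b := strings.Index(info, "["), strings.Index(info, "]")
	if a < 0 || b < a {
		return flow{}, "", false
	}
	return flow{f[2], f[6], f[3], f[8]}, info[a+1 : b], true
}

// HalfOpenProbes returns every flow whose client sent SYN and later RST without
// ever sending an ACK: the handshake was aborted right after the SYN-ACK.
func HalfOpenProbes(capture string) map[flow]bool {
	hist := map[flow]string{} // flag sequence per flow, e.g. "SYN RST "
	for _, line := range strings.Split(capture, "\n") {
		if fl, flags, ok := parse(line); ok {
			hist[fl] += flags + " "
		}
	}
	probes := map[flow]bool{}
	for fl, h := range hist {
		if strings.HasPrefix(h, "SYN ") && strings.Contains(h, " RST ") && !strings.Contains(h, "ACK") {
			probes[fl] = true
		}
	}
	return probes
}
```

Both scanner flows (source ports 40637 and 64615) are reported, while the client on port 51000 is not, because its ACK completed the handshake.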