To clarify what I'm doing: say I do an nmap of my system, 'nmap -T polite -p 11500-12000 192.168.1.53' it shows a bunch of ports as open even though they are just strings as I have dropped all original port scan packets and replaced them with injected packets using nemesis... only one of the ports listed is really open.
Now I want to play the attacker and try to locate the real port using nmap or netcat. However, every command I have tried does not give me the answer. Is there a way to do this?
I've tried this command, which I thought might locate it, but it doesn't seem to work:
nc -v -t 192.168.1.53 11500-12000
I used -t because in this case the real port is a telnet port. Shouldn't -t be used with netcat when scanning for telnet negotiations?
Any help is appreciated.