I ran an nmap -sn scan on a host, and nmap reported the host as down. I then pinged the same host with ping and got ICMP responses. I'm confused, because I was sure that -sn, among other things, did an ICMP
Output from my two commands:
~ $ nmap -sn 192.168.1.237

Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-16 09:35 BST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.00 seconds

~ $ ping 192.168.1.237
PING 192.168.1.237 (192.168.1.237) 56(84) bytes of data.
64 bytes from 192.168.1.237: icmp_seq=1 ttl=128 time=9.82 ms
64 bytes from 192.168.1.237: icmp_seq=2 ttl=128 time=5.25 ms
64 bytes from 192.168.1.237: icmp_seq=3 ttl=128 time=2.95 ms
64 bytes from 192.168.1.237: icmp_seq=4 ttl=128 time=9.10 ms
^C
--- 192.168.1.237 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.957/6.785/9.826/2.810 ms
Any ideas why Nmap could be confused? I'm running the scan from my Ubuntu 16.04 box; the target is a Windows 10 machine.
Is it possible to make a server respond with irrelevant data if it is scanned with Nmap? If yes, are there any examples of such software?
I’m running kali and metasploitable2 in Virtualbox, and have them connected via the host-only networking mode. I can ping and ssh from kali to metasploitable, and have assigned the following IP addresses: 192.168.56.1 (kali) and 192.168.56.13 (metasploitable). For some reason, I was unable to see most open ports when running a simple scan:
kali$ nmap -sV 192.168.56.13

Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-16 09:04 CEST
Nmap scan report for 18.104.22.168
Host is up (0.011s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE    VERSION
80/tcp   open  http?
443/tcp  open  https?
8080/tcp open  http-proxy?
But if I open another shell and run the same command I get a very different result:
kali$ nmap -sV 192.168.56.13

Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-16 09:05 CEST
Nmap scan report for 192.168.56.13
Host is up (0.00029s latency).
Not shown: 977 closed ports
PORT    STATE SERVICE     VERSION
21/tcp  open  ftp         vsftpd 2.3.4
22/tcp  open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp  open  telnet      Linux telnetd
25/tcp  open  smtp        Postfix smtpd
53/tcp  open  domain      ISC BIND 9.4.2
80/tcp  open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp open  rpcbind     2 (RPC #100000)
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp open  exec        netkit-rsh rexecd
--- snip ---
This is potentially very much a beginner question, but what could be giving these differences between the shells? The environment variables were identical in both.
So I have a live host at 192.168.0.151 on my local network. I know it's live since I've set it up with a static IP, and if pinged I get a reply.
Now the weird thing is, when I run nmap -sP 192.168.0.151 I can see that the host is indeed up, but when running nmap -sP 192.168.0.1/24 it goes straight past it and shows that it's down. I've tried this same exact thing using arp and the Python module called scapy, and I seem to consistently have the same issue where I cannot, for some reason, specify an IPv4 range to do an ARP request on.
What I do in scapy is:
#!/usr/bin/env python
import scapy.all as scapy

# ARP-sweep the whole /24 (scapy needs root for the raw socket)
scapy.arping("192.168.0.1/24")
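The scapy call in the post hides what "an ARP request on an IPv4 range" actually is: one broadcast who-has frame per address in the range, and a collection of the is-at replies. The following added Python example (not scapy's or Nmap's code) does exactly that at the byte level: it expands the CIDR with the ipaddress module, builds each Ethernet/ARP request frame, and parses the replies. Sending needs root and a Linux AF_PACKET socket; the frame builder, parser and range expansion are pure byte handling and run anywhere. The network range is the one from the post; the interface name, source MAC and source IP in the script are placeholders, not values from the post.

```python
#!/usr/bin/env python3
"""Added example (not scapy's or Nmap's code): an ARP sweep of a CIDR range on the wire.

Ethernet frame: dst ff:ff:ff:ff:ff:ff, src <our MAC>, ethertype 0x0806
ARP body:       htype 1, ptype 0x0800, hlen 6, plen 4, op 1 (who-has),
                sha/spa = our MAC/IP, tha = zeros, tpa = the address we ask about
Each live host answers with op 2 (is-at) and its MAC in sha/spa.
"""
import ipaddress
import socket
import struct
import time
from typing import Dict, Iterator, Optional, Tuple

ETH_P_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_arp_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """Broadcast Ethernet frame carrying an ARP who-has for target_ip (42 bytes)."""
    eth = mac_bytes(BROADCAST_MAC) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(
        ARP_FMT,
        1, 0x0800, 6, 4,          # Ethernet / IPv4 address sizes
        ARP_REQUEST,
        mac_bytes(src_mac), socket.inet_aton(src_ip),
        bytes(6), socket.inet_aton(target_ip),  # target MAC unknown, target IP asked
    )
    return eth + arp


def parse_arp_reply(frame: bytes) -> Optional[Tuple[str, str]]:
    """(ip, mac) of the sender of an ARP is-at frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    return socket.inet_ntoa(spa), mac_str(sha)


def hosts_in(network: str) -> Iterator[str]:
    """Usable addresses of a CIDR; strict=False accepts 192.168.0.1/24 as 192.168.0.0/24."""
    for addr in ipaddress.ip_network(network, strict=False).hosts():
        yield str(addr)


def arping(iface: str, src_mac: str, src_ip: str, network: str, timeout: float = 2.0) -> Dict[str, str]:
    """Root only (Linux AF_PACKET): broadcast who-has for every host, return {ip: mac} of answers."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    sock.bind((iface, 0))
    sock.settimeout(0.2)
    for ip in hosts_in(network):
        sock.send(build_arp_request(src_mac, src_ip, ip))
    found: Dict[str, str] = {}
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            frame = sock.recv(65535)
        except socket.timeout:
            continue
        hit = parse_arp_reply(frame)
        if hit:
            found[hit[0]] = hit[1]
    sock.close()
    return found


if __name__ == "__main__":
    # Placeholder interface/MAC/IP: take the real ones from `ip link` and `ip addr`.
    answers = arping("eth0", "02:00:00:00:00:01", "192.168.0.10", "192.168.0.1/24")
    for ip, mac in sorted(answers.items()):
        print(ip, mac)
```

Because every probe is a link-layer broadcast, the sweep only works from a host on the same Ethernet segment, and a target that is up will answer regardless of any host firewall, which is why Nmap itself prefers ARP for local targets when it has raw-socket rights.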
I need to block all communication (inbound/outbound) from server A to server B (all ports/all protocols). Server A should communicate with every machine except server B. I can’t place firewall rules on server B, so I have placed all rules on server A.
I have done the following on server A:
- First I disabled all default firewall rules (inbound/outbound) on server A. (This is required.)
- Then I created an inbound rule that allow access from anywhere.
- Then I created an inbound rule that deny access to server B (all protocols/ports).
- Then I created an outbound rule that deny access to server B (all protocols/ports).
I have tested that the access is restricted via ping from both servers, and it seemed to work. But then I installed Nmap on server A and scanned server B. My assumption was that Nmap would not be able to scan server B, as the firewall would block it. But Nmap is able to scan open ports of server B. How is that possible?
Windows Server 2008 is installed on both machines.
Recently I have been practicing penetration testing, and have come to a standstill when trying to use nmap to detect the OS of a Windows 10 machine. For the most part, it is not able to identify the machine as Windows 10, but the nearest guess is Windows. I have also tried p0f and xprobe2 without any luck.
What else can I use to successfully detect a windows 10 machine on the network?
*From a blackbox perspective.
I just started working on nmap and was confused by this question. I’m unsure if I understood it correctly, so I appreciate your help with this.
Using Nmap, find how many ports are filtered in testphp.vulnweb.com are displayed as “filtered.”
From my understanding, it was asking me to find filtered ports that would be displayed as filtered. If I want to find how many filtered ports of a host would be listed as "filtered", would I use the -sA option for the firewall, or is there another way to do that? I've tried -d2 but only found ALL filtered ports.
Please let me know if I’m overthinking it or the question should be interpreted differently. Thank you in advance!
I am modifying an nse script, ssl-cert.nse, which was already made for enumerating ssl certificates. I want to output the host ip and the port number in a line of the ssl certificate output. However, any time I try to make a call to host.ip or port.number, it appears that host and port are undeclared variables. How can I output the current host ip and port number of the detected ssl service. Preferably I could concatenate the host and port number inside of the certificate data output. Below is the area of code I have modified / added to in the ssl-cert.nse script file.
-- host and port are not globals at file level; NSE hands them to the script
-- as the parameters of action(host, port), so these two lines see nil
local out1 = host.ip
local out2 = port.number

output = function(host, port)
  out1 = host.targetName
  return host.ip
end

output2 = function(host, port)
  out2 = port.number
  return port.number
end

if nmap.verbosity() > 0 then
  lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer)
end
if nmap.verbosity() > 0 then
  -- intended result: "<ip>:<port>" appended to the public key line
  lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type .. " " .. out1 .. ":" .. out2
  lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits
  lines[#lines + 1] = "Signature Algorithm: " .. cert.sig_algorithm
end
lines[#lines + 1] = "Not valid before: " .. date_to_string(cert.validity.notBefore)
lines[#lines + 1] = "Not valid after: " .. date_to_string(cert.validity.notAfter)
Are there any known hosts online that make themselves available for port scanning in order to learn tools like NMAP? Thanks!
Since Nessus and Rapid7 are hosted on a server with predefined rules to pass the firewalls, Nmap validation from the user LAN is needed to get more insight into what an attacker can see. Can someone share more advantages of this use of Nmap validation in the user LAN?