Nmap Development mailing list archives
RE: making nmap video tutorial
From: Aaron Leininger <rilian4 () hotmail com>
Date: Sun, 11 Jan 2009 12:51:16 -0800
I think your firewall is blocking ICMP echoes. I did a quick test on your port 80 and if I don't allow the initial ping(-PN option..assumes host is online), port 80 comes back open: nmap -p80 -PN securityoveride.com Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-11 12:46 PST Interesting ports on 168.97.8.67.cfl.res.rr.com (67.8.97.168): PORT STATE SERVICE 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds root@anet:~# nmap -p80 securityoveride.com ============================== However, if I take out the -PN option, I get the following: nmap -p80 securityoveride.com Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-11 12:46 PST Note: Host seems down. If it is really up, but blocking our ping probes, try -PN Nmap done: 1 IP address (0 hosts up) scanned in 3.35 seconds ============================== I hope this makes sense. Maybe some of the other developers can explain it better... -Aaron
Im making a video tutorial on nmap for my website and had a couple of questions. In the proses of making the video i scanned my own host securityoveride.com nmap securityoveride.com PORT STATE SERVICE 25/tcp open smtp 1723/tcp clesed pptp I thought this was werred because port 80 the web server did not show as open? So i scanned again only this time i specified port 80 nmap securityoveride.com -p80 port state service 80/tcp filtered http So i did a -sV on port 80 nmap -sV securityoveride.com -p80 port state servce version 80/tcp open http Apache blah blah blah blah If I do a normal TCP SYN to that port, I get a SYN/ACK back: nmap -sP -PS80 --packet-trace securityoveride.com Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:24 PST SENT (0.0770s) TCP 192.168.0.100:35940 > 67.8.97.168:80 S ttl=56 id=6929 iplen=44 seq=1710713162 win=1024 <mss 1460> RCVD (0.1900s) TCP 67.8.97.168:80 > 192.168.0.100:35940 SA ttl=53 id=0 iplen=44 seq=1848604725 win=5840 ack=1710713163 <mss 1452> But when an ICMP echo is sent at the same time, I get a RST back instead: nmap -sP --packet-trace securityoveride.com Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:25 PST SENT (0.0930s) TCP 192.168.0.100:55576 > 67.8.97.168:80 A ttl=56 id=11940 iplen=40 seq=1525747904 win=1024 ack=440183681 SENT (0.0930s) ICMP 192.168.0.100 > 67.8.97.168 echo request (type=8/code=0) ttl=42 id=58077 iplen=28 RCVD (0.2070s) TCP 67.8.97.168:80 > 192.168.0.100:55576 R ttl=53 id=0 iplen=40 seq=440183681 win= I was wondering is someone could explain this ? _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_________________________________________________________________ Windows Liveā¢ HotmailĀ®: Chat. Store. Share. Do more with mail. http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_howitworks_012009 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- making nmap video tutorial maillist (Jan 11)
- RE: making nmap video tutorial Aaron Leininger (Jan 11)
- [OT] Re: making nmap video tutorial Daniel Roethlisberger (Jan 11)
- Re: making nmap video tutorial David Fifield (Jan 11)
- Re: making nmap video tutorial maillist (Jan 11)