Nmap Development mailing list archives

RE: making nmap video tutorial


From: Aaron Leininger <rilian4 () hotmail com>
Date: Sun, 11 Jan 2009 12:51:16 -0800


I think your firewall is blocking ICMP echoes. I did a quick test on your port 80 and if I don't allow the initial 
ping (-PN option, which assumes the host is online), port 80 comes back open:

nmap -p80 -PN securityoveride.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-11 12:46 PST
Interesting ports on 168.97.8.67.cfl.res.rr.com (67.8.97.168):
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
root@anet:~# nmap -p80 securityoveride.com
==============================
However, if I take out the -PN option, I get the following:
nmap -p80 securityoveride.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-11 12:46 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.35 seconds
==============================
I hope this makes sense. Maybe some of the other developers can explain it better...
-Aaron

I'm making a video tutorial on nmap for my website and had a couple of
questions. In the process of making the video I scanned my own host
securityoveride.com

nmap securityoveride.com

PORT     STATE    SERVICE
25/tcp   open     smtp
1723/tcp clesed   pptp

I thought this was weird because port 80, the web server, did not show as
open?

So I scanned again, only this time I specified port 80
nmap securityoveride.com -p80

port    state     service
80/tcp   filtered  http

So I did a -sV on port 80
nmap -sV securityoveride.com -p80

port    state    servce   version
80/tcp   open     http     Apache blah blah blah blah

If I do a normal TCP SYN to
that port, I get a SYN/ACK back:
nmap -sP -PS80 --packet-trace securityoveride.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:24 PST
SENT (0.0770s) TCP 192.168.0.100:35940 > 67.8.97.168:80 S ttl=56 id=6929
iplen=44  seq=1710713162 win=1024 <mss 1460>
RCVD (0.1900s) TCP 67.8.97.168:80 > 192.168.0.100:35940 SA ttl=53 id=0
iplen=44  seq=1848604725 win=5840 ack=1710713163 <mss 1452>

But when an ICMP echo is sent at the same time, I get a RST back
instead:

nmap -sP --packet-trace securityoveride.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:25 PST
SENT (0.0930s) TCP 192.168.0.100:55576 > 67.8.97.168:80 A ttl=56
id=11940 iplen=40  seq=1525747904 win=1024 ack=440183681 
SENT (0.0930s) ICMP 192.168.0.100 > 67.8.97.168 echo request
(type=8/code=0) ttl=42 id=58077 iplen=28 
RCVD (0.2070s) TCP 67.8.97.168:80 > 192.168.0.100:55576 R ttl=53 id=0
iplen=40  seq=440183681 win=

I was wondering if someone could explain this?


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
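
Added example (not part of the original thread and not Nmap's own code): a Python script that re-joins mail-wrapped `--packet-trace` lines like those quoted above and pairs each probe with the reply it drew, so the answers to the SYN, ACK and ICMP echo probes can be compared side by side. The sample trace, its documentation addresses and the function names `unwrap` and `pair_probes` are assumptions made for illustration.

```python
import re

# Constructed sample in the style of `nmap --packet-trace` output (documentation
# addresses, made-up ids and sequence numbers), wrapped the way a mail client would.
SAMPLE = """\
SENT (0.0770s) TCP 192.0.2.10:35940 > 198.51.100.7:80 S ttl=56 id=1001
iplen=44  seq=1000 win=1024 <mss 1460>
RCVD (0.1900s) TCP 198.51.100.7:80 > 192.0.2.10:35940 SA ttl=53 id=0
iplen=44  seq=5000 win=5840 ack=1001 <mss 1452>
SENT (0.0930s) TCP 192.0.2.10:55576 > 198.51.100.7:80 A ttl=56
id=1002 iplen=40  seq=2000 win=1024 ack=7000
SENT (0.0930s) ICMP 192.0.2.10 > 198.51.100.7 echo request
(type=8/code=0) ttl=42 id=1003 iplen=28
RCVD (0.2070s) TCP 198.51.100.7:80 > 192.0.2.10:55576 R ttl=53 id=0
iplen=40  seq=7000 win=0
"""

LINE = re.compile(r"^(SENT|RCVD) \(([\d.]+)s\) (TCP|ICMP) (\S+) > (\S+) (.*)$")

def unwrap(text):
    """Re-join continuation lines so every record starts with SENT or RCVD."""
    records = []
    for line in text.splitlines():
        if line.startswith(("SENT ", "RCVD ")):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def pair_probes(text):
    """Return [(probe, reply)], e.g. ('TCP S', 'TCP SA'); reply is None if unanswered."""
    sent = []
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue
        direction, _, proto, src, dst, rest = m.groups()
        # TCP: first token is the flag string; ICMP: first two words name the message.
        kind = rest.split()[0] if proto == "TCP" else " ".join(rest.split()[:2])
        if direction == "SENT":
            sent.append({"key": (proto, src, dst), "kind": f"{proto} {kind}", "reply": None})
            continue
        for probe in sent:  # a reply reverses the endpoints of the probe it answers
            if probe["key"] == (proto, dst, src) and probe["reply"] is None:
                probe["reply"] = f"{proto} {kind}"
                break
    return [(p["kind"], p["reply"]) for p in sent]

if __name__ == "__main__":
    for probe, reply in pair_probes(SAMPLE):
        print(f"{probe:20} -> {reply or 'no reply seen'}")
```

A probe with no paired reply, such as the ICMP echo request in the sample, is consistent with a filter silently dropping that packet type.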
