Nmap Development mailing list archives

Re: R: NMAP BUG ?


From: David Fifield <david () bamsoftware com>
Date: Thu, 26 Nov 2009 08:34:44 -0700

On Mon, Nov 23, 2009 at 09:36:43AM +0100, Fabio Bartalini wrote:
-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com]
Sent: Wednesday, 11 November 2009 16.04
To: fbartalini () libero it
Cc: nmap-dev () insecure org
Subject: Re: NMAP BUG ?

On Tue, Nov 10, 2009 at 09:45:06AM +0100, fbartalini () libero it wrote:
On Fri, Sep 11, 2009 at 05:43:22PM +0200, fbartalini () libero it wrote:
I have installed nmap 5.0 + zenmap on my Windows XP SP2 PC.
If I run
      nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 85.40.168.187
it reports no ports open (all filtered), but I know that this IP address
has port 6464 open, and if I run nmap as
      nmap -p 6464 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 85.40.168.187
it correctly reports that the port is open. You can try it. Why doesn't
the first command report this port as open?

Both commands should find the open port. It could be that -T4 is too 
fast for this particular host. Try it again without -T4 and see if 
the results are different.

I tried without -T4 but the results are the same: "All 65535 scanned ports
on host187-168-static.40-85-b.business.telecomitalia.it
(85.40.168.187) are filtered".
Any other ideas?

Try using different port ranges to narrow down the point at which the port
stops being recognized.

-p 1-65535
-p 1-32767
-p 1-16383
-p 1-8191
-p 6000-7000
-p 6400-6500
-p 6460-6470
-p 6464

Let us know which of those ranges work and which don't.

Hi,

I tried your suggestion.
I found that these ranges work:
-p 6000-7000
-p 6400-6500
-p 6460-6470
-p 6464

And these don't:
-p 1-65535
-p 1-32767
-p 1-16383
-p 1-8191

I can scan the host with -p 1-65535 and -p 1-8191 and I get the port
open. I can only think of one thing. Is there a firewall or router or
NAT device between you and the target? Some of those try to track TCP
connections, and they can become overwhelmed when there are too many,
and start dropping packets. That would explain why you get the port open
with a narrow port range but not a wide one.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
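
A toy model of the explanation in the last reply, added here as an illustration and not part of the thread or of Nmap: a device with a fixed-size connection-tracking table drops new flows once the table fills, so the probe to port 6464 is lost in a wide scan but not in a narrow one. The table size, the timeout, the ascending probe order and the single probe per port are assumptions chosen for the model, not measurements.

```python
from collections import deque

# Constructed model parameters (assumptions, not measured from any real device).
TABLE_CAPACITY = 2000    # flows the middlebox can track at once
TIMEOUT_TICKS = 15000    # ticks a half-open flow stays tracked; one probe per tick
OPEN_PORT = 6464         # the open port reported in the thread

# Port ranges suggested in the thread for narrowing down the failure.
RANGES = [(1, 65535), (1, 32767), (1, 16383), (1, 8191),
          (6000, 7000), (6400, 6500), (6460, 6470), (6464, 6464)]


def scan(first, last, capacity=TABLE_CAPACITY, timeout=TIMEOUT_TICKS):
    """Return the state the scanner infers for OPEN_PORT over first..last.

    Simplifications: ports are probed in ascending order, one probe per port,
    no retransmissions, every admitted probe holds a table slot until it
    times out, and a full table silently drops new flows.
    """
    expiries = deque()  # expiry tick of each tracked flow, oldest first
    for tick, port in enumerate(range(first, last + 1)):
        while expiries and expiries[0] <= tick:
            expiries.popleft()          # age out expired entries
        admitted = len(expiries) < capacity
        if admitted:
            expiries.append(tick + timeout)
        if port == OPEN_PORT:
            # A dropped SYN gets no reply, which the scanner reads as filtered.
            return "open" if admitted else "filtered"
    return "not scanned"


def run_ranges(capacity=TABLE_CAPACITY):
    """Map each 'first-last' range to the inferred state of OPEN_PORT."""
    return {f"{a}-{b}": scan(a, b, capacity) for a, b in RANGES}


if __name__ == "__main__":
    for label, state in run_ranges().items():
        print(f"-p {label:<10} port {OPEN_PORT}: {state}")
```

With these parameters the model reproduces the pattern reported in the thread: the four ranges starting at port 1 miss the port, and the four narrow ranges find it. Raising `capacity` above the number of ports scanned, which stands in for a path with no overloaded tracker, makes every range report the port as open.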
