Nmap Development mailing list archives
Re: R: NMAP BUG ?
From: David Fifield <david () bamsoftware com>
Date: Thu, 26 Nov 2009 08:34:44 -0700
On Mon, Nov 23, 2009 at 09:36:43AM +0100, Fabio Bartalini wrote:
-----Messaggio originale----- Da: David Fifield [mailto:david () bamsoftware com] Inviato: mercoledì 11 novembre 2009 16.04 A: fbartalini () libero it Cc: nmap-dev () insecure org Oggetto: Re: NMAP BUG ? On Tue, Nov 10, 2009 at 09:45:06AM +0100, fbartalini () libero it wrote:On Fri, Sep 11, 2009 at 05:43:22PM +0200, fbartalini () libero it wrote:I have installed nmap 5.0 + zenmap on my Windows XP SP2 PC . If I run nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 85.40.168.187 it report no ports open (all filtered) but I know that this IP address has port 6464 open and if I run nmap as nmap -p 6464 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 85.40.168.187 it report correctly that port is open. You can try it. Why the first command don't report this port as open ?Both commands should find the open port. It could be that -T4 is too fast for this particular host. Try it again without -T4 and see if the results are different.I try without -T4 but results are the same : "All 65535 scanned ports on host187-168-static.40-85-b.business.telecomitalia.it (85.40.168.187) are filtered". Other idea ?Try using different port ranges to narrow down the point at which the port stops being recognized. -p 1-65535 -p 1-32767 -p 1-16383 -p 1-8191 -p 6000-7000 -p 6400-6500 -p 6460-6470 -p 6464 Let us know which of those ranges work and which don't.Hi, I try your suggestion. I found that these ranges work: -p 6000-7000 -p 6400-6500 -p 6460-6470 -p 6464 And these don't : -p 1-65535 -p 1-32767 -p 1-16383 -p 1-8191
I can scan the host with -p 1-65535 and -p 1-8191 and I get the port open. I can only think of one thing. Is there a firewall or router or NAT device between you and the target? Some of those try to track TCP connections, and they can become overwhelmed when there are too many, and start dropping packets. That would explain why you get the port open with a narrow port range but not a wide one. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NMAP BUG ? David Fifield (Nov 09)
- <Possible follow-ups>
- Re: NMAP BUG ? David Fifield (Nov 11)
- Message not available
- Re: R: NMAP BUG ? David Fifield (Nov 26)
- Message not available