Nmap Development mailing list archives
interpreting results
From: Joao Daniel <joaodanielnevesss () hotmail com>
Date: Tue, 18 Oct 2011 14:40:25 -0200
Hi,I have create a virtual Windows XP machine (VMware) and installed NOD32 Internet Security
with include ( of course ) a firewall.So, to have some fun I tried to map the firewall rules (of the virtual machine).
#nmap -sP -PA139 --send-ip -n 172.16.13.14 Nmap reports host down.As the guys know -PA parameter sends ACK packages. Seeding a ACK without seeding
an SYN makes the packages invalid. But if I ran: #nmap -sP -PS139 --send-ip -n172.16.13.14 Nmap reports host up. I have also tried: #nmap -sP -PS'other_port' --send-ip -n 172.16.13.14 Nmap reports host down.Nmap only reports host up if I choose one of the fowling ports 135,139,445 (the 'default' windows ports)
Conclusions: I suppose that the firewall block invalid TCP packets. (See the first scan)I have a felling that the firewall is blocking probes for other port because the virtual machine
do not run a service on that port. (Third scan) So, What I would like to ask is: 1) Are my conclusions right? 2)What more can I do to discover more about this host? _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- interpreting results Joao Daniel (Oct 18)