Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: nmap not working properly...showing ports as filtered, but ncat banner grab works

From: "Joseph McCray" <joe () strategicsec com>
Date: Mon, 16 Jan 2012 17:55:17 -0500
OK - tracked the problem down.

My hosting company is using Virtuoso and gave me a Ubuntu 10.10 OS template,
when I did a release upgrade to 11.10 - the virtual machine actually lost
it's IP address:

root@shrek:/toolz/nmap-source# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:828 (828.0 B)  TX bytes:828 (828.0 B)

venet0    Link encap:UNSPEC  HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0
Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:199139 errors:0 dropped:0 overruns:0 frame:0
          TX packets:190106 errors:0 dropped:18 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:196114461 (196.1 MB)  TX bytes:17810823 (17.8 MB)



Evidently -  with the way my hosting company is using Virtuoso you need to
utilize these templates for the virtual machines. They just gave me a new
VM, and I need to run it specifying the correct interface like this:

nmap -sV 69.163.181.91 -e venet0:0


Joe McCray

Toll Free:             1-866-892-2132            
Email:                 joe () strategicsec com
LinkedIn:              http://www.linkedin.com/in/joemccray
Twitter:               http://twitter.com/j0emccray
Slideshare:            http://www.slideshare.net/joemccray
GPG Key:               http://strategicsec.com/JoeStrategicSec_Public.key
Website:               http://strategicsec.com



When NASA began the launch of astronauts into space, they found out that
the pens wouldn't work at zero gravity (ink won't flow down to the
writing surface). To solve this problem, it took them one decade and $12
million. They developed a pen that worked at zero gravity, upside down,
underwater, in practically any surface including crystal and in a
temperature range from below freezing to over 300 degrees C. 

And what did the Russians do...?? They used a pencil.


-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com] 
Sent: Monday, January 16, 2012 2:19 PM
To: Joseph McCray
Cc: nmap-dev () insecure org
Subject: Re: nmap not working properly...showing ports as filtered, but ncat
banner grab works

On Mon, Jan 16, 2012 at 03:59:54AM -0500, Joseph McCray wrote:

Building a box right now. Any IP that I scan comes back as ports being
filtered, but ncat allows me to bannergrab the host. 

Never seen that before. It does this for any port on any IP - ncat
bannergrab works, but not a portscan. Any ideas?

root@shrek:~# ncat 69.163.181.91 22     <-- This works fine
SSH-2.0-OpenSSH_5.1p1 Debian-5

root@shrek:~# nmap -PN -sV -p 22 69.163.181.91             <-- This

doesn't

work - always shows filtered

PORT   STATE    SERVICE
22/tcp filtered ssh


Try the --packet-trace option to see what is being sent and received.

Is it only this target that has the problem, or all targets from your
particular scanning machine?

If it is only this one target, try to get a packet capture ("tcpdump -w
dump.pcap host 69.163.181.91").

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: