Nmap Development mailing list archives
Re: Strange behavior with -p parameter.
From: David Fifield <david () bamsoftware com>
Date: Thu, 19 Jul 2012 18:33:19 -0700
On Thu, Jul 19, 2012 at 12:13:48PM +0100, Marcin Prączko wrote:
Dear developers, Today I've noticed strange nmap behavior with -p parameter. I wanted test our servers (after unlocking port 80,443) and these is what happen: Command run:(IP was replaced with valid IP, X-Y - range of IPs) nmap -sT -P0 -p 80,443 IP.X-Y Result: Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-19 11:55 BST Nmap scan report for IP Host is up (0.0031s latency). PORT STATE SERVICE 80/tcp open http 443/tcp filtered https ... Port 443 is marked as filtered - and should be open. The same command run on each server with -p 80 or -p 443 only. nmap -sT -P0 -p 443 IP.X-Y Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-19 11:55 BST Nmap scan report for IP Host is up (0.33s latency). PORT STATE SERVICE 443/tcp open https ... This happen on following configuration: OpenSuse 11.4 (i586) nmap-5.21-6.1.i586 No update candidate for 'nmap-5.21-6.1.i586'. The highest available version is already installed. Could you advice how I can check whether this is OpenSuse or Namp issue, please? How I can debug more what nmap is doing and why this 443 is marked as filltered when (-p 80,443) is used and port is open when (-p 443) is used? The same command on RedHat with nmap 4 is working exectly as expected.
To help debug you can use the --packet-trace option. Also use -d so that you can wee the reasons why packets are marked in a particular state. --packet-trace will show you what packets Nmap sends and receives. You should be able to see what kind of response you receive for -p 443, and then see if the same response is received (or not) for -p 80,443. The first step is to run the scans a few times to see if the error happens always, or only sometimes. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Strange behavior with -p parameter. Marcin Prączko (Jul 19)
- Re: Strange behavior with -p parameter. David Fifield (Jul 19)