Questions tagged [nmap]
a free and open-source port scanner, operating system fingerprinter, and service fingerprinter
215 questions
0
votes
0
answers
24
views
nmap updatedb not collecting latest on github
I have installed nmap using the guidance on nmap.org here
nmap --version yields
Nmap version 7.95 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: nmap-liblua-5.4.6 openssl-3.0.13 ...
- 1
0
votes
0
answers
127
views
Nmap showing open ports althought nftables is configured to drop
On a fresh Debian 12 install, I have the following nftables configuration that I believe does the following when activated:
traffic from localhost accepted
established/related traffic accepted
TCP ...
- 111
1
vote
0
answers
110
views
`nmap` showing different hostnames than expected
When I run nmap 192.168.1.*, I get a print out of all devices on my network. The hostnames are not what I expect. For example, the hostname of the Linux desktop (192.168.1.203) I am currently on is ...
- 139
0
votes
2
answers
1k
views
How to resolve 'Compiled without: Available nsock engines' message in Nmap & display open ports?
I'm using Nmap in Kali Linux & trying to scan the top 100 ports for the given IP. When entered the below command, it does not display any open ports. But gives the 'Compiled without: Available ...
- 113
0
votes
1
answer
2k
views
How to measure TCP latency?
OS is Debian on both servers.
I found some examples showing how to measure TCP latency with nmap:
nmap --packet-trace -p 22 192.168.0.10
But I'm getting some negative results for latency. ie, it will ...
- 167
0
votes
1
answer
138
views
How do I get all MAC addresses of all devices on my LAN that have an IP address (equivalent of doas nmap -sn but for IPv6)?
#!/usr/bin/bash
echo "Give me your private IP and its mask";read given
if [[ "$given" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/{0,1}[0-9]{1,3} ]]; then
echo "version 4"
...
- 827
-2
votes
1
answer
103
views
Why is it written in nmap official doc that -sL does not send any packet, when it actually send them?
Sniffing with wireshark, I see a bunch of ARP and DNS requests.
So why in the official doc it's written this:
The list scan is a degenerate form of host discovery that simply lists
each host of the ...
- 265
0
votes
0
answers
146
views
Could nmap local network scan affect network general speed and/or performance?
For the past few days I've been trying to monitor my local network to look for new device connections. At first I thought of arpwatch, but if I'm not mistaken, it is worthless if not running on the ...
1
vote
1
answer
114
views
Linux Webserver not "Accepting" Connections
First off, thanks for any help anyone can provide, I greatly appreciate it!
I have a basic network I have set up for testing. It has pfSense acting as a Gateway/DHCP/DNS host and two Linux machines ...
- 11
0
votes
2
answers
527
views
Scan LAN using NMap without specifying LAN IP
I'm very aware that you can specify an IP range and individual IPs for an NMap scan. However, I'm wondering if there's a command available to scan the LAN I'm connected to without specifying an IP.
...
- 135
0
votes
1
answer
4k
views
Does 'apt update' also update nmap's scripts?
I'm building a Linux OVA on a VM to scan stuff with nmap.
I'm using cron to keep my packages up to date:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get autoremove
It's from my understanding ...
- 5
0
votes
1
answer
4k
views
Does STATE LISTEN or ESTABLISHED means I should see an open port when using nmap?
Should ports that are in LISTENING, ESTABLISHED or not identified states appear as open ports in nmap?
Doing some search on google I've found this:
Any "ESTABLISHED" socket means that there ...
- 3
0
votes
0
answers
143
views
Nmap scans are not persistent after reboot
I use Zenmap on Linux 6.0.0-kali3-amd64 which runs on Oracle VirtualBox to see open ports in Metasploitable2. When I save the Zenmap scan to /home I can successfully open the scan again until I reboot ...
- 19
1
vote
0
answers
130
views
nmap is unable to find all android tablets connected to network
nmap is unable to find all android tablets connected to network
There are around 40 tablets connected to the same wifi in 192.168.100.0/24. I used nmap to ping all devices in the subnet and find their ...
- 11
0
votes
3
answers
4k
views
How to grep only ports from nmap scan output file?
➜ cat nmap/ports.nmap
Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-21 11:30 IST
Warning: 10.10.10.100 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.100
...
- 1
0
votes
0
answers
694
views
nmap my localhost with host name and ip to get different result
The domain name debian.debian point to 127.0.0.1
$ ping debian.debian
PING debian.debian (127.0.1.1) 56(84) bytes of data.
64 bytes from debian.debian (127.0.1.1): icmp_seq=1 ttl=64 time=0.047 ms
64 ...
- 601
0
votes
1
answer
593
views
Devices On My Network Appear As VMware, Inc - Why?
When I use Netdiscover on Kali Linux, it shows all my devices Brand as VMWare, Inc, why?
Not just that, but the same happens when I use Nmap, Zenmap, net.show with Bettercap, nothing seems to show ...
- 1
0
votes
1
answer
277
views
How to populate DNS suffixes on Nmap hostname scans in Kali
I need a Kali box on my network to be able to properly retrieve DNS suffixes from the DNS servers when using Nmap scans.
When I run Nmap hostname scans from my own machine, I can watch the traffic in ...
0
votes
1
answer
939
views
Disable service version detection
nmap can be used to detect open ports and services associated with it. Also, we can use -sV flag to determine the service version.
Is there any way to disable this server version detection? A hacker ...
- 15.4k
0
votes
1
answer
667
views
Port is shown as "open", then as "filtered" on CentOS Stream 8
I have made a fresh install of CentOS Stream 8 on a machine. This machine needs to connect to a Foreman Smart Proxy on port 443.
If I run nmap immediately after machine boots up, it sees the port as ...
- 32.4k
0
votes
1
answer
352
views
Nmap Shows Different States of the Same Port with Different Scan Methods
When I launch an -sA scan of a certain IP address, it shows port "80" as "unfiltered". Code is below.
sudo nmap -sA -vv -p 80 192.168.0.30 -Pn
Host discovery disabled (-Pn). All ...
0
votes
2
answers
1k
views
How can I use nmap -p and cat 'file'?
I am trying to create a simple bash script that can run the "specific" port scan on mulitple IPs and Ports using nmap -p.
The issue I am having is that when it reads the port# followed by ...
- 13
0
votes
3
answers
667
views
Best tool to use to extract command output
I want to programatically process the results of nmap output but cannot work out how to take the output and extract just the details of the protocol or port tables shown in the two outputs below.
I am ...
- 379
0
votes
1
answer
3k
views
nmap & ssl-enum-ciphers
I am trying to check for the offered ciphers with nmap:
$ nmap -Pn --script ssl-enum-ciphers host1.example.org -p 443
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-13 14:52 CET
Nmap scan report ...
- 10.1k
0
votes
2
answers
130
views
How to change the name that evokes a program in Debian-based distros
I want to install a fork of nmap in Kali Linux, but I'm worried that it will conflict with the original program when I type nmap in the terminal. Can I change its name from nmap to nmap2?
-2
votes
1
answer
270
views
OWASP Guide for web app penetration testing says use "nmap –PN –sT –sV –p0" but in my Kali OS it says failed to resolve
On page 35 of the Owasp testing guide, it says to use Nmap as:
nmap –PN –sT –sV –p0-65535 192.168.1.100
but running this on my machine with the -PN -sT -p0 flags gives the following errors:
Failed to ...
-1
votes
1
answer
94
views
How do I gain access to a server if it has no ports open?
I know the IP address and the root password of a server running Linux, but it has no network ports opened. I can ping it and it responds. How do I gain access to it?
- 1
1
vote
2
answers
485
views
How to get IP addr from MAC
I'm trying to connect to a second-hand external wifi camera. It has an ethernet slot and a sticker with the MAC address but no other branding or model/serial numbers.
I am trying to find its IP ...
- 16.1k
1
vote
1
answer
2k
views
Nmap is not sending ICMP timestamp requests when -PP flag is set
I'd like nmap to send ICMP timestamp requests to the host. To achieve this I use the command:
nmap -PP "ip addr"
But among requests generated by nmap there are no ICMP requests, only TCP ...
- 13
3
votes
1
answer
8k
views
How to open a filtered port
Somehow I keep breaking ssh on my ubuntu servers and I can't figure out why. I have a ddns set up as myserver.asuscomm.com and the ports are forwarded on my router. One of them works perfectly, but ...
0
votes
1
answer
195
views
Why only a few ports (like ssh, http, https) are appeared to be open while all others are closed in nmap, on a host without firewall?
I have two Debian 11 machines (192.168.0.2 & 192.168.0.3) connected to the same router (gateway at 192.168.0.1). I have disabled firewall (ufw) of both. But when I did a port scan via nmap from ...
- 53
1
vote
1
answer
603
views
How do I get nmap to list all devices connected to my ATT wifi?
Using Ubuntu, I attempted to list all devices connected to my wifi with
$ sudo nmap -sn 192.168.1.83/24
Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-19 10:35 CDT
Nmap scan report for amazon-...
- 121
1
vote
2
answers
3k
views
NMap show only IP addresses that are down
An excellent command shows only those IP addresses that are responding
nmap -n -sn 192.168.1.0/24 -oG - | awk '/Up$/{print $2}'
Looking through all these can be a pain to find a few that are not ...
- 13
3
votes
1
answer
4k
views
Nmap 7.8 Assertion failed: htn.toclock_running == true
All of a sudden, nmap throws the following error after executing the canonical sudo nmap -sP 192.168.109.* :
nmap: Target.cc:503: void Target::stopTimeOutClock(const timeval*):
Assertion `htn....
- 230
0
votes
2
answers
834
views
How to find out the static IP address of a device?
I have got an IP camera which, according to the manual, is supposed to have static IP address 192.168.1.110. To connect to it (and change the network settings) I configured my laptop to have static IP ...
- 469
0
votes
1
answer
100
views
Nmap stalling after reboot
I use nmap to find devices on my network that has the port 5300 open. At first it worked great. I could find devices in no time, but then I rebooted my computer and now nmap just stalls during the ...
- 111
1
vote
2
answers
2k
views
How to make a port open?
When I ping, there is reply.
$ ping 10.26.14.16
64 bytes from 10.26.140.160: icmp_seq=1 ttl=63 time=0.525 ms
When I ping with port, there is no reply.
$ nmap -p 5016 10.26.14.16
5016/tcp closed ...
- 13
2
votes
1
answer
1k
views
Why do nmap, ss (netscan?) and lsof give different results?
I'm trying to understand which ports are actively listening (in use?) on my machine and don't really know what I'm doing. The three commands I've experimented with are nmap, ss (?netscan?) and lsof.
...
- 145
0
votes
2
answers
2k
views
Why can't I run nmap with the -O option even when I use sudo
I'm trying to determine which ports are in use with my machine. I found, online an article that listed one method as follows:
$ sudo nmap -sT -O localhost
I believedthis would give me a list of all ...
- 145
-5
votes
1
answer
275
views
nmap taking ages
I am using Try Hack Me to attempt to learn but they tell me to run nmap -A -p- and it is taking over an hour for a scan.
I am really new to this and want to know is there a faster way to perform a ...
0
votes
0
answers
63
views
Make nmap respond quicker to hosts that are down
I’m using nmap to ping 150k IP addresses, the problem is it takes too long to check the down IPs. It’s taking less than a second to check for the IPS that are up but if any are down it slows the ...
- 23
-2
votes
1
answer
484
views
Passing Dig command in nmap
I have an issue to take the result of the dig command and pass it to nmap command like:
for ip in 'dig mydomain.com -t ns +short'
do nmap $ip
done
0
votes
1
answer
382
views
fping output vs. nmap -sn output behind two firewalls
I've tried to scan a network, behind two firewalls, for online hosts only. With fping I did:
fping -a -q -g 192.168.222.0/24
and I got this output
@>~]$ > fping -a -q -g 192.168.222.0/24
192.168....
- 1
0
votes
1
answer
15k
views
nmap: Couldn't open a raw socket. Error: Permission denied (13)
I'm attempting to run the following command on an Ubuntu box (ssh from Windows 10 PowerShell):
sudo nmap -sU -O localhost
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-02 10:13 GMT
Couldn't open ...
- 549
0
votes
0
answers
80
views
scan specific udp port for local network
So I have a Prometheus server which I use to capture input from port 512 UDP, I have it open, but now I have a problem checking which 512 UDP port on my network is the sender. I tried reading the nmap ...
-3
votes
1
answer
457
views
unable to use script on kali llinux [closed]
#! /bin/bash
nmap sT 192.168.181.0/24 p 3306 >/dev/null oG MySQLscan
cat MySQLscan | grep open > MySQLscan2
cat MySQLscan2
When i type this above script in text editor and save as ...
- 1
0
votes
0
answers
56
views
Stop ISP firewall
I've set up an apache web server with port 80, I can access it very easily within the network by typing the IP x.x.x.x:80 in the browser (I know that I don't need to specify the HTTP port).
However, ...
3
votes
0
answers
224
views
problem in Nmap while using sudo
Recently I had a problem, each time using sudo for nmap with --spoof-mac gives me an output that the host is down, which actually is not right because I know it is up.
Why is that happening?
Giving ...
user441321
0
votes
1
answer
239
views
state of tcp/udp source ports when waiting for answer from target
i have a quick question about tcp port states: suppose i am establishing a tcp connection to a server: source address/port should be 44.44.44.44:33456 destination address/port is 55:55:55.55:443. in ...
0
votes
1
answer
374
views
CentOS nmap host discovery scan doesn't work
I have a port forwarded home server running CentOS 7 on my home network. I am trying to fix some issues with it and tried to do an nmap host discovery scan but it doesn't work and says that all hosts ...
- 13