mailing list archives
Re: differences between nmap-online and nmap command line
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 24 Jun 2008 15:43:49 +0000
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 24 Jun 2008 18:29:40 +0300 or thereabouts "sara fink"
<sara.fink () gmail com> wrote:
so, which output is correct? the command line or the web page test? I
tested it on my external ip. I have linux kernel 2.6.24.
Probably both. Remember that the results of a port scan are a function
of the scanning machine, target machine, and all network filters
(firewalls) between the two.
- From one view (localhost) you may have 3000 closed ports. From another
host (nmap-online) you may have a handful of filtered ports.
The list you provided is a reasonable, albeit aggressive list of ports
for an ISP to filter.
As far as I know there shouldn't be a problem to run nmap from the
same pc on my external IP.
There probably isn't.
It looked like the command line didn't even scan. In a sec I got the
reply of 3000 port scan.
3000 ports doesn't take long when the all respond with at RST. Here's
$ sudo nmap -p1-3000 -T4 -sS 192.168.0.100
Starting Nmap 4.65 ( http://nmap.org ) at 2008-06-24 15:41 UTC
Interesting ports on bmenrigh.dyndns.org (192.168.0.100):
Not shown: 2997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.175 seconds
0.175 seconds is what I'd call a "blink of the eye".
On Tue, Jun 24, 2008 at 4:26 PM, Ron (list) <ron () skullsecurity net>
sara fink wrote:
I ran nmap online on my ip. I got some results. But when I run the
same nmap on my ip from command line I get totally different
Looks to me like ports are being filtered out somewhere between you
and the target. Likely, they're being filtered by your ISP to
protect you from worms and such.
Hope that helps!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org