Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: differences between nmap-online and nmap command line
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 24 Jun 2008 15:43:49 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Jun 2008 18:29:40 +0300 or thereabouts "sara fink"
<sara.fink () gmail com> wrote:

so, which output is correct? the command line or the web page test? I
tested it on my external ip. I have linux kernel 2.6.24.

Probably both.  Remember that the results of a port scan are a function
of the scanning machine, target machine, and all network filters
(firewalls) between the two.

- From one view (localhost) you may have 3000 closed ports.  From another
host (nmap-online) you may have a handful of filtered ports.

The list you provided is a reasonable, albeit aggressive list of ports
for an ISP to filter.   


As far as I know there shouldn't be a problem to run nmap from the
same pc on my external IP.

There probably isn't.


It looked like the command line didn't even scan. In a sec I got the
reply of 3000 port scan.

3000 ports doesn't take long when the all respond with at RST.  Here's
my machine:

$ sudo nmap -p1-3000 -T4 -sS 192.168.0.100

Starting Nmap 4.65 ( http://nmap.org ) at 2008-06-24 15:41 UTC
Interesting ports on bmenrigh.dyndns.org (192.168.0.100):
Not shown: 2997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.175 seconds


0.175 seconds is what I'd call a "blink of the eye".


Brandon


On Tue, Jun 24, 2008 at 4:26 PM, Ron (list) <ron () skullsecurity net>
wrote:
sara fink wrote:

I ran nmap online on my ip. I got some results. But when I run the
same nmap on my ip from command line I get totally different
results.

Looks to me like ports are being filtered out somewhere between you
and the target. Likely, they're being filtered by your ISP to
protect you from worms and such.

Hope that helps!

Ron


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkhhFjwACgkQqaGPzAsl94LQxQCgofcIqPsP045uZEQvA2M72a1h
TyUAnA8L3HzMMc0ATPF+f41YIctQhXzX
=iccV
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]