|
Nmap Development
mailing list archives
RE: making nmap video tutorial
From: Aaron Leininger <rilian4 () hotmail com>
Date: Sun, 11 Jan 2009 12:51:16 -0800
I think your firewall is blocking ICMP echoes. I did a quick test on your port 80 and if I don't allow the initial
ping(-PN option..assumes host is online), port 80 comes back open:
nmap -p80 -PN securityoveride.com
Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-11 12:46 PST
Interesting ports on 168.97.8.67.cfl.res.rr.com (67.8.97.168):
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
root () anet:~# nmap -p80 securityoveride.com
==============================
However, if I take out the -PN option, I get the following:
nmap -p80 securityoveride.com
Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-11 12:46 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.35 seconds
==============================
I hope this makes sense. Maybe some of the other developers can explain it better...
-Aaron
Im making a video tutorial on nmap for my website and had a couple of
questions. In the proses of making the video i scanned my own host
securityoveride.com
nmap securityoveride.com
PORT STATE SERVICE
25/tcp open smtp
1723/tcp clesed pptp
I thought this was werred because port 80 the web server did not show as
open?
So i scanned again only this time i specified port 80
nmap securityoveride.com -p80
port state service
80/tcp filtered http
So i did a -sV on port 80
nmap -sV securityoveride.com -p80
port state servce version
80/tcp open http Apache blah blah blah blah
If I do a normal TCP SYN to
that port, I get a SYN/ACK back:
nmap -sP -PS80 --packet-trace securityoveride.com
Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:24 PST
SENT (0.0770s) TCP 192.168.0.100:35940 > 67.8.97.168:80 S ttl=56 id=6929
iplen=44 seq=1710713162 win=1024 <mss 1460>
RCVD (0.1900s) TCP 67.8.97.168:80 > 192.168.0.100:35940 SA ttl=53 id=0
iplen=44 seq=1848604725 win=5840 ack=1710713163 <mss 1452>
But when an ICMP echo is sent at the same time, I get a RST back
instead:
nmap -sP --packet-trace securityoveride.com
Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 13:25 PST
SENT (0.0930s) TCP 192.168.0.100:55576 > 67.8.97.168:80 A ttl=56
id=11940 iplen=40 seq=1525747904 win=1024 ack=440183681
SENT (0.0930s) ICMP 192.168.0.100 > 67.8.97.168 echo request
(type=8/code=0) ttl=42 id=58077 iplen=28
RCVD (0.2070s) TCP 67.8.97.168:80 > 192.168.0.100:55576 R ttl=53 id=0
iplen=40 seq=440183681 win=
I was wondering is someone could explain this ?
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
_________________________________________________________________
Windows Liveā¢ HotmailĀ®: Chat. Store. Share. Do more with mail.
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_howitworks_012009
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
| 
Intro
