Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: open.scanme.nmap.org suggestion
From: Henri Doreau <henri.doreau () greenbone net>
Date: Sun, 26 Jun 2011 10:29:05 +0200

2011/6/25 Wolfric <wolfric1 () gmail com>:
This is extremely useful for testing which ports are blocked from
inside a firewalled environment however I can see how scanning 65k
ports could probably piss off whoever is hosting the server as it
would probably garner a lot more activity per user and a lot heavier
use. Sure if the load becomes too heavy you can just tank the idea and
take the domain name offline.


you can use the firewalk[1] script to do such things. This script
automates firewalls rules detection between you and a target.
The following command should tell you which ports are blocked, and where:
  # nmap --traceroute --script firewalk <target>.

In case you want to scan a wider ports range you need to disable the
firewalk probed-ports limit:
  # nmap --traceroute -p- --script=firewalk --script-args
firewalk.max-probed-ports=-1 <target>

This syntax and behavior are only valid for the SVN version of the
script (there is a firewalk script shipped with nmap 5.51 but it isn't
as convenient as this one). You can download the latest version of the
script here: http://nmap.org/svn/scripts/firewalk.nse



[1] http://nmap.org/nsedoc/scripts/firewalk.html

Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]