Security Basics mailing list archives
Nmap questions for the experts
From: "mark mark" <haxorplanet () gmail com>
Date: Wed, 23 Jul 2008 11:56:43 +0400
Hi, I have some questions regarding nmap. I'm not sure if this is the proper list, i just searched google and found some people asking nmap-related questions here. Anyway, here are my questions: 1. Is there any way I can specify two different source port for nmap's -g when doing a TCP and UDP scan at the same time? Usually, I specify -g 53. However, I think it would be more effective if I will use port 20 (ftp) as my TCP source port, and just use port 50(DNS) as my UDP source port. I tried specifying both but only the latter port was used by nmap. 2. Do you really use nmap before running nessus? I just read the methodology in our report template and read that the reason why nmap is being used before nessus is because it lessens the amount of work done by nessus in doing port scanning. Only open ports will be fed to nessus for vulnerability assessment. However when doing security assessment, I noticed that most of pentesters rely heavily on nessus and just completely forget about nmap since nessus can also do port scanning and os fingerprinting as well. 3. Is there any way I can specify a file which contains a list of ports that I want to exclude from my scan? I've read the nmap manual and learned that by default it scans for upto 1024 + all those higher numbered ports listed in nmap-services. After running a scan, I wanted to scan all the ports up to 65535 but I don't want to include all those ports that have already been scanned by nmap. Here is the nmap command I use all the time during a pentest project: nmap -PE -PM -PO -PS -PA -PP -PU -n -sS -sU -g 53 -sV --version-all -O -T4 --open --log-errors --reason -iL targets.txt -oN syn.txt 4. Do you also use host discovery that heavily using all combinations of techniques or you just don't do host discovery at all (-PN)? I notice that most of my collegues ignore host discovery totally, while I prefer doing it extensively (all techniques), so that I can decrease the port scan time yet with a reliable result (not missing a host protected by firewall). 5. Sometimes I encounter error saying "Negative Time Delta... QUITTING" and tried searching google but couldn't find anything useful. Any idea what's the cause of it? After getting that error i just simply run the scan again and it would start working fine again. 6. Anyone experiencing this error "nselib not a directory" when running the script scan? That's all for now.. thanks for your replies. -mark
Current thread:
- Nmap questions for the experts mark mark (Jul 23)
- Re: Nmap questions for the experts Javier Reyna Padilla (Jul 24)
- Re: Nmap questions for the experts Ray Winata (Jul 25)
- Re: Nmap questions for the experts Ron (Jul 31)
- Re: Nmap questions for the experts Javier Reyna Padilla (Jul 24)