Nmap Development mailing list archives

Re: Scan until open port is found


From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Sat, 11 Nov 2006 16:29:51 -1100

Well, I tried some more to get Nmap to wait a specific amount of time
between each probe in the ping scan and to make Nmap stop scanning after
a port has been found using the ping scan.

Maybe there should be some kind of --halt-scan option and you can
specify to stop scanning after a certain amount of time, after a certain
number of hosts have been found, after a certain number of open ports
have been found, after a certain number of open ports per host have been
found and so on?

sudo nmap -sP -PS22-200 hostname
Bogus argument to -PS: Bogus character in supposed number-list string.
Example of proper form: "20,80,65532"
QUITTING!

sudo nmap -sP -PS1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 hostname
Bogus argument to -PS: Buffer would overflow -- too many numbers in
provided list
QUITTING!

sudo nmap -n -sP -PS22,113 www.google.com --packet-trace --scan-delay 2s
SENT (0.0320s) TCP 230.220.70.150:42845 > 64.233.183.104:22 S ttl=41
id=13345 iplen=44  seq=4284969758 win=2048 <mss 1460>
SENT (0.0330s) TCP 230.220.70.150:42845 > 64.233.183.104:113 S ttl=50
id=1823 iplen=44  seq=1793553182 win=3072 <mss 1460>
RCVD (0.0850s) TCP 64.233.183.104:113 > 230.220.70.150:42845 RA ttl=239
id=0 iplen=40  seq=0 win=0 ack=1793553183
Host 64.233.183.104 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 2.044 seconds

Scan delay isn't respected (?)

sudo nmap -n -sP -PS22,113 www.google.com --packet-trace
--max-parallelism 1
SENT (0.0440s) TCP 230.220.70.150:61530 > 64.233.183.147:22 S ttl=46
id=61818 iplen=44  seq=805478494 win=3072 <mss 1460>
SENT (0.0440s) TCP 230.220.70.150:61530 > 64.233.183.147:113 S ttl=37
id=58326 iplen=44  seq=1078108254 win=2048 <mss 1460>
RCVD (0.1050s) TCP 64.233.183.147:113 > 230.220.70.150:61530 RA ttl=239
id=0 iplen=40  seq=0 win=0 ack=1078108255
Host 64.233.183.147 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds

It sends more than 1 probe at a time.

sudo nmap -n -sP -PS22,113 www.google.com --packet-trace --scan-delay 2s
--max-parallelism 1
You can't use --max-parallelism with --scan-delay.
QUITTING!

Am I just using it wrong?

On Sat, 11 Nov 2006 07:25:57 -1100, "Hans Nilsson" <hasse_gg () ftml net>
said:
Ok, thanks. I did know about that option. But unfortunately you can't
do:

sudo nmap -sP -PS22-200 hostname

and doing 

sudo nmap -sP -PS1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 hostname
etc.

is tedious. Also, how can I make Nmap wait one second between each packet
sent? Even with scan-delay 2s it sends the first two packets at the exact
same time. max-parallelism doesn't help either, and I can't use it with
scan-delay even though it says so in the manual.

On Sat, 11 Nov 2006 12:45:25 +0100, "Diman Todorov"
<diman.todorov () chello at> said:

On 10.11.2006, at 10:54, Hans Nilsson wrote:

Hello! Is there any way to just scan until one open port is found and
then stop?

Yes there is a way:
sudo nmap -sP -PS22,80,113 hostname

This will send SYN packets to all three ports and will stop if any of
the ports replies with a SYN/ACK. Alternatively you can use -PA which
will do a three way handshake. If you want to know which port was
open you need to use --packet-trace (at least until the --reason
project is incorporated into the nmap core).

cheers
Diman
-- 
  Hans Nilsson
  hasse_gg () ftml net

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


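Editor's note, added to this archive page and not part of the thread or of Nmap itself: the two limits Hans runs into (no "22-200" range syntax for -PS, and a cap on how many ports the list may hold) can be worked around from a shell wrapper that expands the range into fixed-size comma lists and probes one list at a time, stopping at the first list for which Nmap reports the host up. That also gives the "stop once something answers" behaviour he asked for, at the cost of one Nmap run per chunk. The chunk size of 10, the exact host-up wording matched, and the use of `-sP` as in the thread are assumptions; the probe is passed in as a function so the stop-at-first-hit loop can be checked without running Nmap.

```shell
#!/bin/sh
# Added example, not code from the nmap-dev thread or from Nmap.
# Expands a port range into short comma-separated lists (Nmap's 2006 -PS
# parser rejected "22-200" and overflowed on long lists) and probes the
# lists in order, stopping at the first one that gets the host reported up.

# expand_chunks START END SIZE -> prints one comma-separated list per line.
# SIZE (10 below) is an assumed safe list length; the real cap is not
# stated in the thread.
expand_chunks() {
    start=$1; end=$2; size=$3
    p=$start
    while [ "$p" -le "$end" ]; do
        list=""
        n=0
        while [ "$p" -le "$end" ] && [ "$n" -lt "$size" ]; do
            list="${list:+$list,}$p"   # append with a comma once non-empty
            p=$((p + 1))
            n=$((n + 1))
        done
        printf '%s\n' "$list"
    done
}

# nmap_probe HOST PORTLIST -> exit 0 if Nmap reports the host up.
# Old releases print "appears to be up", newer ones "Host is up"; both are
# matched. -sP is the ping-scan flag used in the thread (-sn on newer Nmap).
nmap_probe() {
    nmap -n -sP -PS"$2" "$1" 2>/dev/null | grep -q -E 'appears to be up|Host is up'
}

# scan_until_up HOST START END [PROBE] -> prints the first port list that
# drew a reply and exits 0; exits 1 if no chunk did. PROBE defaults to
# nmap_probe and is a parameter so the loop can run without Nmap installed.
scan_until_up() {
    host=$1; start=$2; end=$3; probe=${4:-nmap_probe}
    for chunk in $(expand_chunks "$start" "$end" 10); do
        if "$probe" "$host" "$chunk"; then
            printf '%s\n' "$chunk"
            return 0
        fi
    done
    return 1
}

# Usage (runs Nmap against a host you administer):
#   scan_until_up myhost.example 22 200
```

Because each chunk is a separate Nmap invocation, the scan stops as soon as one chunk yields a reply, and the per-chunk `--packet-trace` output can still be used to see which port answered, as Diman suggests above.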
