Nmap Development mailing list archives
Re: Scan until open port is found
From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Sat, 11 Nov 2006 16:29:51 -1100
Well, I tried some more to get Nmap to wait a specific amount of time between each probe in the ping scan and to make Nmap stop scanning after a port has been found using the ping scan. Maybe there should be some kind of --halt-scan option, where you can specify to stop scanning after a certain amount of time, after a certain number of hosts have been found, after a certain number of open ports have been found, after a certain number of open ports per host have been found and so on?

sudo nmap -sP -PS22-200 hostname
Bogus argument to -PS: Bogus character in supposed number-list string. Example of proper form: "20,80,65532"
QUITTING!

sudo nmap -sP -PS1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 hostname
Bogus argument to -PS: Buffer would overflow -- too many numbers in provided list
QUITTING!

sudo nmap -n -sP -PS22,113 www.google.com --packet-trace --scan-delay 2s
SENT (0.0320s) TCP 230.220.70.150:42845 > 64.233.183.104:22 S ttl=41 id=13345 iplen=44 seq=4284969758 win=2048 <mss 1460>
SENT (0.0330s) TCP 230.220.70.150:42845 > 64.233.183.104:113 S ttl=50 id=1823 iplen=44 seq=1793553182 win=3072 <mss 1460>
RCVD (0.0850s) TCP 64.233.183.104:113 > 230.220.70.150:42845 RA ttl=239 id=0 iplen=40 seq=0 win=0 ack=1793553183
Host 64.233.183.104 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 2.044 seconds

Scan delay isn't respected.(?)

sudo nmap -n -sP -PS22,113 www.google.com --packet-trace --max-parallelism 1
SENT (0.0440s) TCP 230.220.70.150:61530 > 64.233.183.147:22 S ttl=46 id=61818 iplen=44 seq=805478494 win=3072 <mss 1460>
SENT (0.0440s) TCP 230.220.70.150:61530 > 64.233.183.147:113 S ttl=37 id=58326 iplen=44 seq=1078108254 win=2048 <mss 1460>
RCVD (0.1050s) TCP 64.233.183.147:113 > 230.220.70.150:61530 RA ttl=239 id=0 iplen=40 seq=0 win=0 ack=1078108255
Host 64.233.183.147 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds

It sends more than 1 probe at a time.

sudo nmap -n -sP -PS22,113 www.google.com --packet-trace --scan-delay 2s --max-parallelism 1
You can't use --max-parallelism with --scan-delay.
QUITTING!

Am I just using it wrong?

On Sat, 11 Nov 2006 07:25:57 -1100, "Hans Nilsson" <hasse_gg () ftml net> said:
> Ok, thanks. I did know about that option. But unfortunately you can't do:
>
> sudo nmap -sP -PS22-200 hostname
>
> and doing
>
> sudo nmap -sP -PS1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 hostname
>
> etc. is tedious.
>
> Also, how can I make Nmap wait one second between each packet sent? Even with scan-delay 2s it sends the first two packets at the exact same time. max-parallelism doesn't help either, and I can't use it with scan-delay even though it says so in the manual.
>
> On Sat, 11 Nov 2006 12:45:25 +0100, "Diman Todorov" <diman.todorov () chello at> said:
> > On 10.11.2006, at 10:54, Hans Nilsson wrote:
> > > Hello! Is there any way to just scan until one open port is found and then stop?
> >
> > Yes there is a way:
> >
> > sudo nmap -sP -PS22,80,113 hostname
> >
> > This will send SYN packets to all three ports and will stop if any of the ports replies with a SYN/ACK. Alternatively you can use -PA which will do a three way handshake. If you want to know which port was open you need to use --packet-trace (at least until the --reason project is incorporated into the nmap core)
> >
> > cheers
> > Diman
>
> --
> Hans Nilsson
> hasse_gg () ftml net
>
> --
> http://www.fastmail.fm - Access all of your messages and folders wherever you are

--
Hans Nilsson
hasse_gg () ftml net

--
http://www.fastmail.fm - Accessible with your email software or over the web

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
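Diman's advice in the quoted reply is to read --packet-trace output to learn which port answered. The parser below is an added example, not code from the thread or from the Nmap project: it reads the SENT/RCVD TCP lines in the form quoted above, pairs each reply with the probe it answers, and tells a SYN/ACK (port open) apart from a RST (port closed, but the host is still up, which is why the traces above report the host as up even though port 113 is not open). It also measures the smallest gap between consecutive SENT lines, which is the observation behind the "scan delay isn't respected" remark. The line format is assumed from the trace in this message; the SAMPLE_TRACE lines are copied from it, and the OPEN_TRACE lines are constructed to show the open case.

```python
"""Classify nmap --packet-trace TCP lines from a -sP -PS ping scan (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Field layout assumed from the packet trace quoted in the thread above.
TRACE_RE = re.compile(
    r"^(?P<dir>SENT|RCVD) \((?P<t>[\d.]+)s\) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<flags>[A-Z]+)\b"
)

# Copied from the --scan-delay 2s trace in this message.
SAMPLE_TRACE: List[str] = [
    "SENT (0.0320s) TCP 230.220.70.150:42845 > 64.233.183.104:22 S ttl=41 id=13345 iplen=44 seq=4284969758 win=2048 <mss 1460>",
    "SENT (0.0330s) TCP 230.220.70.150:42845 > 64.233.183.104:113 S ttl=50 id=1823 iplen=44 seq=1793553182 win=3072 <mss 1460>",
    "RCVD (0.0850s) TCP 64.233.183.104:113 > 230.220.70.150:42845 RA ttl=239 id=0 iplen=40 seq=0 win=0 ack=1793553183",
    "Host 64.233.183.104 appears to be up.",
]

# Constructed lines (not from the thread) showing a SYN/ACK reply.
OPEN_TRACE: List[str] = [
    "SENT (0.0100s) TCP 10.0.0.1:40000 > 10.0.0.2:80 S ttl=40 id=1 iplen=44 seq=1 win=1024 <mss 1460>",
    "RCVD (0.0200s) TCP 10.0.0.2:80 > 10.0.0.1:40000 SA ttl=64 id=0 iplen=44 seq=5 win=65535 ack=2 <mss 1460>",
]


@dataclass
class ProbeResult:
    host: str
    port: int
    state: str        # "open", "closed", "other" or "no-response"
    reply_flags: str  # TCP flags of the reply, "" if none arrived


def parse_packet_trace(lines: Iterable[str]) -> Dict[Tuple[str, int], ProbeResult]:
    """Map (host, port) of every SENT probe to the classified reply."""
    results: Dict[Tuple[str, int], ProbeResult] = {}
    for line in lines:
        m = TRACE_RE.match(line.strip())
        if not m:
            continue  # status lines such as "Host ... appears to be up."
        if m["dir"] == "SENT":
            key = (m["dst"], int(m["dport"]))
            results.setdefault(key, ProbeResult(key[0], key[1], "no-response", ""))
            continue
        key = (m["src"], int(m["sport"]))  # reply comes from the probed port
        if key not in results:
            continue  # reply that matches none of our probes
        flags = set(m["flags"])
        if "R" in flags:
            state = "closed"  # RST: port closed, but the host answered
        elif {"S", "A"} <= flags:
            state = "open"    # SYN/ACK: port open
        else:
            state = "other"
        results[key] = ProbeResult(key[0], key[1], state, m["flags"])
    return results


def first_open_port(results: Dict[Tuple[str, int], ProbeResult]) -> Optional[Tuple[str, int]]:
    """The first probe that drew a SYN/ACK, or None if no port was open."""
    for key, r in results.items():
        if r.state == "open":
            return key
    return None


def host_is_up(results: Dict[Tuple[str, int], ProbeResult]) -> bool:
    """Any TCP reply at all, SYN/ACK or RST, shows the host is up."""
    return any(r.state in ("open", "closed") for r in results.values())


def min_send_gap(lines: Iterable[str]) -> Optional[float]:
    """Smallest interval in seconds between consecutive SENT lines."""
    times = []
    for line in lines:
        m = TRACE_RE.match(line.strip())
        if m and m["dir"] == "SENT":
            times.append(float(m["t"]))
    if len(times) < 2:
        return None
    return min(b - a for a, b in zip(times, times[1:]))


if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("constructed", OPEN_TRACE)):
        res = parse_packet_trace(trace)
        print(name, "host up:", host_is_up(res), "first open:", first_open_port(res),
              "min send gap:", min_send_gap(trace))
        for r in res.values():
            print("  ", r)
```

Run over the trace quoted above, the only reply is RA from port 113, so the host is reported up but no port is open, and the two SENT lines are one millisecond apart rather than the two seconds asked for with --scan-delay.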
Current thread:
- Scan until open port is found Hans Nilsson (Nov 10)
- Re: Scan until open port is found Diman Todorov (Nov 11)
- Re: Scan until open port is found Hans Nilsson (Nov 11)
- Re: Scan until open port is found Hans Nilsson (Nov 11)
- Re: Scan until open port is found Hans Nilsson (Nov 11)
- Re: Scan until open port is found Diman Todorov (Nov 11)