Nmap Development mailing list archives
Re: Confused about some port scan results.
From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Thu, 26 Jun 2008 11:26:34 -0400
Hey Jason,

On Thu, Jun 26, 2008 at 5:06 AM, Jason Cipriani <jason.cipriani () gmail com> wrote:
> 1. I'm using the correct command line options, right (UDP scan, in order, 6000 to 6500, of 192.168.2.200)?

Yes, this is the correct command line; however, I would advise also doing a version scan along with UDP scans (-sV); more on that below.

> 2. I happen to know that the device only watches for data on port 6300. Why does it say all 501 ports are open/filtered?

The problem is that the UDP protocol doesn't require an application to respond to an 'invalid packet' and the probe that nmap sends is almost certainly invalid. If the port were closed then the target would send an RST packet; the target didn't send any packet, which means that it is either open (and discarded the packet) or firewalled (and the firewall discarded the packet). This is why I recommended the version scan above; version scan sends valid traffic to the port, forcing most UDP servers to respond. That could turn an 'open|filtered' result into 'open'; however, if the server is uncommon or only responds to special packets then it will still be in a state of 'open|filtered'.

Hope that helps,
Michael

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
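The outcomes discussed in this message can be reproduced on loopback. The following is an added example, not part of the original post and not Nmap's code: `classify_udp_port`, `start_picky_service` and the `HELLO` magic are hypothetical names, the "device" is a constructed local listener, and Linux-style socket error reporting is assumed.

```python
import socket
import threading

def classify_udp_port(host, port, payload, timeout=0.5, retries=2):
    """Send `payload` to one UDP port and name the state a scanner would report."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.connect((host, port))  # connected UDP socket: the OS reports ICMP errors to us
    try:
        for _ in range(retries):
            try:
                s.send(payload)
                s.recv(2048)
                return "open"           # the service answered the probe
            except ConnectionRefusedError:
                return "closed"         # host replied with ICMP port unreachable
            except socket.timeout:
                continue                # silence: retransmit, then give up
        return "open|filtered"          # dropped by the service or by a firewall
    finally:
        s.close()

def start_picky_service(magic=b"HELLO"):
    """Constructed stand-in for the device: answers only datagrams starting with `magic`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))          # loopback only, OS-chosen port
    def loop():
        while True:
            data, peer = srv.recvfrom(2048)
            if data.startswith(magic):
                srv.sendto(b"OK", peer)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    listening = start_picky_service()
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    unused = tmp.getsockname()[1]
    tmp.close()                         # nothing listens on this port any more
    return {
        "empty probe, listening port": classify_udp_port("127.0.0.1", listening, b""),
        "valid probe, listening port": classify_udp_port("127.0.0.1", listening, b"HELLO"),
        "empty probe, unused port": classify_udp_port("127.0.0.1", unused, b""),
    }

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case}: {state}")
```

The same listening port reads as `open|filtered` for a probe the service ignores and as `open` once the probe is one the service accepts, which is the effect a version scan relies on.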
Current thread:
- Confused about some port scan results. Jason Cipriani (Jun 26)
- Re: Confused about some port scan results. Michael Pattrick (Jun 26)
- Re: Confused about some port scan results. Ron (list) (Jun 26)