Nmap Development mailing list archives
Re: open.scanme.nmap.org suggestion
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Tue, 05 Jul 2011 12:47:33 +0200
On 06/28/2011 01:54 AM, Fyodor wrote:
> On Sat, Jun 25, 2011 at 10:51:01PM +0100, Wolfric wrote:
>> Hi Folks,
>>
>> What are the chances we could see basically a box out there like scanme but with all the ports open and with a service listening (even if it's just an echo server or redirecting everything to ssh on tcp and udp)? This is extremely useful for testing which ports are blocked from inside a firewalled environment; however, I can see how scanning 65k ports could probably piss off whoever is hosting the server, as it would probably garner a lot more activity per user and a lot heavier use. Sure, if the load becomes too heavy you can just tank the idea and take the domain name offline. I myself have an Amazon cloud server set up for just this and I've found it dead handy, but I thought it'd be a nice idea for nmap to have an official one.
>
> Thanks for the suggestion. If you're OK with other people scanning the machine you set up for this purpose, you're certainly welcome to announce the IP address here on nmap-dev and/or other email addresses or social networks you might use. You can even give it a memorable DNS name so people might recall it in a pinch.
Hi Wolfric,

I don't know if you are familiar with our Nping and its "Echo mode", but it can certainly provide the kind of functionality you are looking for. We run a public echo server at echo.nmap.org. From my box I can do this:

luis@Aberdeen:~$ sudo nping --ec public echo.nmap.org -p80-90 --tcp --count 1 --no-capture

Starting Nping 0.5.52.IPv6.Beta2 ( http://nmap.org/nping ) at 2011-07-05 12:35 CEST
SENT (2.0544s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=64 [...]
CAPT (2.1883s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=54 [...]
SENT (3.0561s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=64 [...]
CAPT (3.1697s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=54 [...]
SENT (4.0573s) TCP 163.117.203.253:24089 > 74.207.244.221:82 S ttl=64 [...]
CAPT (4.1697s) TCP 163.117.203.253:24089 > 74.207.244.221:82 S ttl=54 [...]
SENT (5.0591s) TCP 163.117.203.253:24089 > 74.207.244.221:83 S ttl=64 [...]
CAPT (5.1712s) TCP 163.117.203.253:24089 > 74.207.244.221:83 S ttl=54 [...]
SENT (6.0603s) TCP 163.117.203.253:24089 > 74.207.244.221:84 S ttl=64 [...]
CAPT (6.1662s) TCP 163.117.203.253:24089 > 74.207.244.221:84 S ttl=54 [...]
SENT (7.0622s) TCP 163.117.203.253:24089 > 74.207.244.221:85 S ttl=64 [...]
CAPT (7.1778s) TCP 163.117.203.253:24089 > 74.207.244.221:85 S ttl=54 [...]
SENT (8.0634s) TCP 163.117.203.253:24089 > 74.207.244.221:86 S ttl=64 [...]
CAPT (8.1784s) TCP 163.117.203.253:24089 > 74.207.244.221:86 S ttl=54 [...]
SENT (9.0644s) TCP 163.117.203.253:24089 > 74.207.244.221:87 S ttl=64 [...]
CAPT (9.1782s) TCP 163.117.203.253:24089 > 74.207.244.221:87 S ttl=54 [...]
SENT (10.0661s) TCP 163.117.203.253:24089 > 74.207.244.221:88 S ttl=64 [...]
CAPT (10.1796s) TCP 163.117.203.253:24089 > 74.207.244.221:88 S ttl=54 [...]
SENT (11.0680s) TCP 163.117.203.253:24089 > 74.207.244.221:89 S ttl=64 [...]
CAPT (11.1801s) TCP 163.117.203.253:24089 > 74.207.244.221:89 S ttl=54 [...]
SENT (12.0691s) TCP 163.117.203.253:24089 > 74.207.244.221:90 S ttl=64 [...]
CAPT (12.1803s) TCP 163.117.203.253:24089 > 74.207.244.221:90 S ttl=54 [...]

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 11 (440B) | Rcvd: 0 (0B) | Lost: 11 (100.00%)| Echoed: 10 (400B)
Tx time: 10.01570s | Tx bytes/s: 43.93 | Tx pkts/s: 1.10
Rx time: 10.01582s | Rx bytes/s: 0.00 | Rx pkts/s: 0.00
Nping done: 1 IP address pinged in 12.07 seconds

The command basically says: "Hey, Nping, how are you doing? Please, establish an Echo mode session with the echo server at echo.nmap.org, and tell him that you are going to send TCP packets that target ports 80, 81, 82, ..., 90. If the server is OK with that, send such packets and make the server send you a copy of them as they reach him."

[Note that I've used --no-capture to avoid receiving RST|ACK responses, so the output is a bit clearer.]

So from the output you can see that all the probes sent by the client reached the server (I only tested 11 ports, but nothing prevents you from passing -p0-65535). Also, you may notice that the server is 10 hops away from my box, as the TTL value was 54 when the packets got there.

In my opinion, this echo mode has a great potential for network diagnostics. You may want to have a look at Nping's reference guide.

Regards,

Luis MartinGarcia.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
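The reading Luis does by eye above (every SENT line has a CAPT partner, so nothing on the path dropped the probes; 64 - 54 = 10 routers in between) is easy to automate when you are testing a firewalled network's egress rules across many ports. The following script is an added example and is not part of the post or of Nping itself. It parses the SENT/CAPT line format shown in the output above, pairs the two lines per destination port, reports the ports whose probe never reached the echo server, and derives the hop count from the TTL difference. The sample input is constructed: its first two probes are copied from the post, and the port 25 probe without a CAPT line is added to stand in for a port that an egress filter drops.

```python
"""Turn Nping echo-mode output into an egress-filter report.

Each probe the client sends appears as a SENT line; when the echo server sees
the packet arrive, Nping prints a matching CAPT line with the header as the
server received it. A SENT line with no CAPT partner means the probe never
reached the server, i.e. something on the path dropped it. The TTL gap between
the two lines is the number of routers the packet crossed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Per-probe lines as Nping prints them in echo mode; the trailing "[...]" is
# Nping's own elision of the rest of the header and is not parsed here.
PROBE_RE = re.compile(
    r"^(?P<kind>SENT|CAPT) \((?P<t>[\d.]+)s\) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?:[A-Z|]+ )?ttl=(?P<ttl>\d+)"  # TCP flags are optional (absent for UDP)
)


@dataclass
class Probe:
    dport: int
    sent_ttl: Optional[int] = None
    capt_ttl: Optional[int] = None

    @property
    def echoed(self) -> bool:
        return self.capt_ttl is not None

    @property
    def hops(self) -> Optional[int]:
        # Every router decrements TTL by one, so the gap between the TTL the
        # client set and the TTL the echo server observed is the hop count.
        if self.sent_ttl is None or self.capt_ttl is None:
            return None
        return self.sent_ttl - self.capt_ttl


def parse_echo_output(text: str) -> Dict[int, Probe]:
    """Pair SENT and CAPT lines by destination port; banner and summary lines are skipped."""
    probes: Dict[int, Probe] = {}
    for line in text.splitlines():
        m = PROBE_RE.match(line.strip())
        if not m:
            continue
        dport = int(m["dport"])
        probe = probes.setdefault(dport, Probe(dport))
        if m["kind"] == "SENT":
            probe.sent_ttl = int(m["ttl"])
        else:
            probe.capt_ttl = int(m["ttl"])
    return probes


def reached_ports(probes: Dict[int, Probe]) -> List[int]:
    """Ports whose probe the echo server saw arrive."""
    return sorted(p.dport for p in probes.values() if p.echoed)


def filtered_ports(probes: Dict[int, Probe]) -> List[int]:
    """Ports whose probe was sent but never seen by the echo server."""
    return sorted(p.dport for p in probes.values()
                  if p.sent_ttl is not None and not p.echoed)


def hop_count(probes: Dict[int, Probe]) -> Optional[int]:
    """Hop count if all echoed probes agree; None if nothing was echoed or paths differ."""
    hops = {p.hops for p in probes.values() if p.hops is not None}
    return hops.pop() if len(hops) == 1 else None


# Constructed sample input: ports 80 and 81 are copied from the post's output;
# the port 25 SENT line without a CAPT partner is added to model a dropped probe.
SAMPLE_OUTPUT = """\
Starting Nping 0.5.52.IPv6.Beta2 ( http://nmap.org/nping ) at 2011-07-05 12:35 CEST
SENT (2.0544s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=64 [...]
CAPT (2.1883s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=54 [...]
SENT (3.0561s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=64 [...]
CAPT (3.1697s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=54 [...]
SENT (4.0573s) TCP 163.117.203.253:24089 > 74.207.244.221:25 S ttl=64 [...]
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Nping done: 1 IP address pinged in 4.07 seconds
"""

if __name__ == "__main__":
    result = parse_echo_output(SAMPLE_OUTPUT)
    print("reached :", reached_ports(result))    # [80, 81]
    print("filtered:", filtered_ports(result))   # [25]
    print("hops    :", hop_count(result))        # 10
```

In practice you would pipe a real run into it (for example `sudo nping --ec <passphrase> echo.nmap.org -p0-65535 --tcp --count 1 --no-capture | python3 echo_report.py`, reading stdin instead of `SAMPLE_OUTPUT`); the filtered list is then the set of outbound ports your own firewall blocks, and a hop count that varies between probes is a sign that the path is not stable.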