Nmap Development mailing list archives

Re: open.scanme.nmap.org suggestion


From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Tue, 05 Jul 2011 12:47:33 +0200

On 06/28/2011 01:54 AM, Fyodor wrote:
On Sat, Jun 25, 2011 at 10:51:01PM +0100, Wolfric wrote:
Hi Folks

What are the chances we could see basically a box out there like
scanme but with all the ports open and with a service listening (even
if it's just an echo server or redirecting everything to ssh on tcp
and udp).

This is extremely useful for testing which ports are blocked from
inside a firewalled environment; however, I can see how scanning 65k
ports could probably piss off whoever is hosting the server, as it
would probably garner a lot more activity per user and a lot heavier
use. Sure, if the load becomes too heavy you can just tank the idea and
take the domain name offline.

I myself have an amazon cloud server set up for just this and I've
found it dead handy, but I thought it'd be a nice idea for nmap to have
an official one.
Thanks for the suggestion.  If you're OK with other people scanning
the machine you set up for this purpose, you're certainly welcome to
announce the IP address here on nmap-dev and/or other email addresses
or social networks you might use.  You can even give it a memorable
DNS name so people might recall it in a pinch.

Hi Wolfric,

I don't know if you are familiar with our Nping and its "Echo mode" but
it can certainly provide the kind of functionality you are looking for.
We run a public echo server at echo.nmap.org. From my box I can do this:

luis@Aberdeen:~$ sudo nping --ec public echo.nmap.org -p80-90 --tcp --count 1 --no-capture

Starting Nping 0.5.52.IPv6.Beta2 ( http://nmap.org/nping ) at 2011-07-05
12:35 CEST
SENT (2.0544s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=64 [...]
CAPT (2.1883s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=54 [...]
SENT (3.0561s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=64 [...]
CAPT (3.1697s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=54 [...]
SENT (4.0573s) TCP 163.117.203.253:24089 > 74.207.244.221:82 S ttl=64 [...]
CAPT (4.1697s) TCP 163.117.203.253:24089 > 74.207.244.221:82 S ttl=54 [...]
SENT (5.0591s) TCP 163.117.203.253:24089 > 74.207.244.221:83 S ttl=64 [...]
CAPT (5.1712s) TCP 163.117.203.253:24089 > 74.207.244.221:83 S ttl=54 [...]
SENT (6.0603s) TCP 163.117.203.253:24089 > 74.207.244.221:84 S ttl=64 [...]
CAPT (6.1662s) TCP 163.117.203.253:24089 > 74.207.244.221:84 S ttl=54 [...]
SENT (7.0622s) TCP 163.117.203.253:24089 > 74.207.244.221:85 S ttl=64 [...]
CAPT (7.1778s) TCP 163.117.203.253:24089 > 74.207.244.221:85 S ttl=54 [...]
SENT (8.0634s) TCP 163.117.203.253:24089 > 74.207.244.221:86 S ttl=64 [...]
CAPT (8.1784s) TCP 163.117.203.253:24089 > 74.207.244.221:86 S ttl=54 [...]
SENT (9.0644s) TCP 163.117.203.253:24089 > 74.207.244.221:87 S ttl=64 [...]
CAPT (9.1782s) TCP 163.117.203.253:24089 > 74.207.244.221:87 S ttl=54 [...]
SENT (10.0661s) TCP 163.117.203.253:24089 > 74.207.244.221:88 S ttl=64 [...]
CAPT (10.1796s) TCP 163.117.203.253:24089 > 74.207.244.221:88 S ttl=54 [...]
SENT (11.0680s) TCP 163.117.203.253:24089 > 74.207.244.221:89 S ttl=64 [...]
CAPT (11.1801s) TCP 163.117.203.253:24089 > 74.207.244.221:89 S ttl=54 [...]
SENT (12.0691s) TCP 163.117.203.253:24089 > 74.207.244.221:90 S ttl=64 [...]
CAPT (12.1803s) TCP 163.117.203.253:24089 > 74.207.244.221:90 S ttl=54 [...]

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 11 (440B) | Rcvd: 0 (0B) | Lost: 11 (100.00%)| Echoed: 10 (400B)
Tx time: 10.01570s | Tx bytes/s: 43.93 | Tx pkts/s: 1.10
Rx time: 10.01582s | Rx bytes/s: 0.00 | Rx pkts/s: 0.00
Nping done: 1 IP address pinged in 12.07 seconds


The command basically says: "Hey, Nping, how are you doing? Please
establish an Echo mode session with the echo server at echo.nmap.org,
and tell him that you are going to send TCP packets that target ports
80, 81, 82..., 90. If the server is OK with that, send such packets and
make the server send you a copy of them as they reach him." [Note that
I've used --no-capture to avoid receiving RST|ACK responses, so the
output is a bit clearer.]

So from the output you can see that all the probes sent by the client
reached the server (I only tested 11 ports, but nothing prevents you from
passing -p0-65535). Also, you may notice that the server is 10 hops away
from my box, as the TTL value was 54 when the packets got there.

In my opinion, this echo mode has a great potential for network
diagnostics. You may want to have a look at Nping's reference guide.

Regards,

Luis MartinGarcia.
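The message above reads the SENT/CAPT pairs by eye to decide which probes reached the echo server and how many hops away it is. The script below is an added example (Python, not code from the original message or from the Nping project) that does the same comparison mechanically: it parses the SENT/CAPT line format shown above, reports the ports whose probe was sent but never echoed back, and derives the hop count from the TTL difference. The sample output embedded in it is constructed, not a real capture; in it port 82 has no CAPT line, standing in for a probe dropped by a hypothetical egress filter. It assumes one probe per port (nping --count 1), as in the run above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the SENT/CAPT format shown in the message above; it is
# not a real capture.  Port 82 has a SENT line but no CAPT line, standing in
# for a probe that a hypothetical egress filter dropped before it reached the
# echo server.
SAMPLE_OUTPUT = """\
SENT (2.0544s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=64 [...]
CAPT (2.1883s) TCP 163.117.203.253:24089 > 74.207.244.221:80 S ttl=54 [...]
SENT (3.0561s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=64 [...]
CAPT (3.1697s) TCP 163.117.203.253:24089 > 74.207.244.221:81 S ttl=54 [...]
SENT (4.0573s) TCP 163.117.203.253:24089 > 74.207.244.221:82 S ttl=64 [...]
SENT (5.0591s) TCP 163.117.203.253:24089 > 74.207.244.221:83 S ttl=64 [...]
CAPT (5.1712s) TCP 163.117.203.253:24089 > 74.207.244.221:83 S ttl=54 [...]
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
"""

# One SENT or CAPT line.  The TCP flags field ("S") is optional so that UDP
# probes, which carry no flags, parse with the same expression.
LINE_RE = re.compile(
    r"^(?P<kind>SENT|CAPT) \((?P<time>[\d.]+)s\) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?:[A-Z|]+ )?ttl=(?P<ttl>\d+)"
)


@dataclass
class ProbeResult:
    port: int
    sent_ttl: int
    echoed_ttl: Optional[int] = None   # None: the echo server never saw it
    rtt_s: Optional[float] = None      # delay between SENT and CAPT

    @property
    def reached(self) -> bool:
        return self.echoed_ttl is not None

    @property
    def hops(self) -> Optional[int]:
        # Each router decrements the TTL by one, so the difference between the
        # TTL we sent and the TTL the echo server saw is the path length.
        if self.echoed_ttl is None:
            return None
        return self.sent_ttl - self.echoed_ttl


def parse_echo_output(text: str) -> Dict[int, ProbeResult]:
    """Pair each SENT probe with the CAPT copy reported by the echo server.

    Assumes one probe per destination port (nping --count 1).
    """
    results: Dict[int, ProbeResult] = {}
    sent_at: Dict[int, float] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # statistics lines and anything else are skipped
        port = int(m["dport"])
        ttl = int(m["ttl"])
        when = float(m["time"])
        if m["kind"] == "SENT":
            results[port] = ProbeResult(port=port, sent_ttl=ttl)
            sent_at[port] = when
        elif port in results:
            results[port].echoed_ttl = ttl
            results[port].rtt_s = round(when - sent_at[port], 4)
    return results


def reached_ports(results: Dict[int, ProbeResult]) -> List[int]:
    """Ports whose probe was echoed back, i.e. it got through to the server."""
    return sorted(p for p, r in results.items() if r.reached)


def blocked_ports(results: Dict[int, ProbeResult]) -> List[int]:
    """Ports whose probe was sent but never seen by the echo server."""
    return sorted(p for p, r in results.items() if not r.reached)


def path_hops(results: Dict[int, ProbeResult]) -> Optional[int]:
    """Hop count agreed on by every echoed probe, or None when no probe was
    echoed or the echoed TTLs disagree (changing or asymmetric paths)."""
    hops = {r.hops for r in results.values() if r.reached}
    return hops.pop() if len(hops) == 1 else None


if __name__ == "__main__":
    res = parse_echo_output(SAMPLE_OUTPUT)
    print("reached:", reached_ports(res))
    print("blocked:", blocked_ports(res))
    print("hops to echo server:", path_hops(res))
```

A missing CAPT line means the echo server never saw the probe, which is what an egress filter looks like from the inside, but a single lost packet looks the same; before treating a port as filtered, repeat the run with a larger --count and only flag ports that are never echoed.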

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/