Nmap Development mailing list archives

Re: Possible bug?


From: Mike Calmus via dev <dev () nmap org>
Date: Sat, 8 Aug 2020 16:53:57 -0400

FWIW I see the same results on that host using nmap 7.80 on MacOS.

Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-apple-darwin17.7.0
Compiled with: nmap-liblua-5.3.5 openssl-1.0.2s nmap-libssh2-1.8.2 libz-1.2.11 nmap-libpcre-7.6 nmap-libpcap-1.9.0 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: kqueue poll select

Running the command requested I get:

nmap -d -p1-10,80,443 65.199.38.168
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-08 16:30 EDT
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Initiating Ping Scan at 16:30
Scanning 65.199.38.168 [2 ports]
Completed Ping Scan at 16:30, 0.02s elapsed (1 total hosts)
Overall sending rates: 110.59 packets / s.
mass_rdns: Using DNS server 192.168.86.1
Initiating Parallel DNS resolution of 1 host. at 16:30
mass_rdns: 0.05s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 16:30, 0.04s elapsed
DNS resolution of 1 IPs took 0.05s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 16:30
Scanning 65.199.38.168 [12 ports]
Discovered open port 443/tcp on 65.199.38.168
Completed Connect Scan at 16:30, 1.21s elapsed (12 total ports)
Overall sending rates: 19.00 packets / s.
Nmap scan report for 65.199.38.168
Host is up, received syn-ack (0.018s latency).
Scanned at 2020-08-08 16:30:58 EDT for 1s

PORT    STATE    SERVICE     REASON
1/tcp   filtered tcpmux      no-response
2/tcp   filtered compressnet no-response
3/tcp   filtered compressnet no-response
4/tcp   filtered unknown     no-response
5/tcp   filtered rje         no-response
6/tcp   filtered unknown     no-response
7/tcp   filtered echo        no-response
8/tcp   filtered unknown     no-response
9/tcp   filtered discard     no-response
10/tcp  filtered unknown     no-response
80/tcp  filtered http        no-response
443/tcp open     https       syn-ack
Final times for host: srtt: 17654 rttvar: 13448  to: 100000

Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 1.36 seconds


On Jul 22, 2020, at 4:57 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

Shaun,

That's an interesting problem. I can see you're using Nmap on Windows; which version of Npcap are you using? You can 
get this information by running: nmap --version

What is the output of the following command when port 443 is open and also when it is closed? nmap -d -p1-10,80,443

Dan

On Mon, Jul 20, 2020 at 1:39 AM Shaun Michelson via dev <dev () nmap org> wrote:
I have come across a case where, if you open port 443 on a public facing interface, nmap will report dozens of other 
open ports on that host. If you then close port 443, nmap cannot detect the host at all. I have replicated on 
multiple hosts running both Ubuntu and Windows Server OS.

Attached are the results of an example nmap scan on a machine with a single port open (443), the results of which 
show dozens of other ports open.

Also attached is a port probe using the grc.com ShieldsUp service, the results of which show only port 
443 open, as expected.

Just checking to see if anyone is aware of this behavior and if so what is the cause?

Thanks!

Shaun Michelson | Director, Information Technology | Apple Hospitality REIT

Ph: 804.727.6339 | smichelson () applereit com
www.applehospitalityreit.com

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/