Nmap Development mailing list archives
nmap sees itself doing an UDP scan on the local host
From: Ward Vandewege <ward.vandewege () gmail com>
Date: Tue, 8 Nov 2005 21:39:59 -0500
Hi there, I'm seeing something odd doing a udp scan of local IP addresses (can be 127.0.0.1 <http://127.0.0.1>, or any locally defined IP). Try this, for instance: nmap 127.0.0.1 <http://127.0.0.1> -sV -sU -p 1-65535 If you're on Linux (as I am - Debian Sarge), the kernel throttling will not kick in since you're scanning a local IP. This run gives as results (e.g.): Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-09 03:21 CET Interesting ports on io (127.0.0.1 <http://127.0.0.1>): (The 65532 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 53/udp open|filtered domain 514/udp open|filtered syslog 49268/udp open unknown Nmap finished: 1 IP address (1 host up) scanned in 62.615 seconds The syslog and dns ports are normal. What's odd is the high 'open' port. Running nmap multiple times always returns 53 and 514, and each time a different (high) third port. So I ran a tcpdump while doing the above scan: tcpdump -i lo -n udp And this is what I saw: ... 03:21:58.249825 IP 127.0.0.1.49268 > 127.0.0.1.34723: UDP, length: 0 03:21:58.249978 IP 127.0.0.1.49268 > 127.0.0.1.14722: UDP, length: 0 03:21:58.250101 IP 127.0.0.1.49268 > 127.0.0.1.43886: UDP, length: 0 03:21:58.250236 IP 127.0.0.1.49268 > 127.0.0.1.16476: UDP, length: 0 ... As you can see, nmap sees itself in the udp scan! Now; I may be missing something. I googled, read man pages, etc, and could not find any references to this behaviour. Is there a way to stop nmap from seeing itself doing a local UDP scan? That would be very useful, as it currently messes up my automated nmap scans that check for new ports... I'm running nmap from the stock Sarge nmap package. Thanks, Ward. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- nmap sees itself doing an UDP scan on the local host Ward Vandewege (Nov 08)
- <Possible follow-ups>
- Re: nmap sees itself doing an UDP scan on the local host 4N9e Gutek (Nov 10)