Nmap Development mailing list archives
RE: ambiguity about nmap results
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Fri, 30 May 2008 22:04:28 +0100
Hi Sara, I ran a connect scan earlier from http://nmap-online.com/ which appeared to be faster and much more reliable, you may wish to give that a try instead. It is still using Nmap 4.11 though. Two of the ports you saw from nmapyourself that were allegedly filtered are well known Windows ports. I suspect what you're seeing *might* be an ISP (perhaps yours, perhaps at nmapyourself's end) filtering the network traffic, possibly in an attempt to limit the infection/distribution of old Windows-based attacks. Because your netstat shows that you should be listening on TCP ports 8010 (jabber?), 37323, 6543 and 6544 (the last two are typically seen if you've installed MythTV*, which also probably explains why you have mysql running on localhost too), I suggest you perform a scan that includes those open ports (e.g. -p 6540-6550) so you can verify that you're getting accurate results (if you use my example above I'd expect you to see two ports that are open, the rest should be closed [or filtered]). I'm not sure why the other scan returned so many open ports, I would expect you to see closed or filtered when scanning -p 1-1024 with your setup. Without seeing something like the output of --packet-trace it's hard to say what's going on. I've been assuming that your laptop's IP and your external IP are the same (i.e. you're sat directly on the internet). If you're using a NAT (or PAT) router, for example, a scan of your external IP address might be returning TCP resets from the router rather than your laptop (as the unexpected incoming traffic never actually reaches your laptop on its private IP address). * http://www.mythtv.org/docs/mythtv-HOWTO-3.html says: It is strongly recommended that you do not expose the MythTV and MySQL ports to the Internet or your "Outside" LAN. Rob
-----Original Message----- From: sara fink [mailto:sara.fink () gmail com] Sent: 30 May 2008 20:25 To: DePriest, Jason R. Cc: Nmap Dev Subject: Re: ambiguity about nmap results If I run from my laptop nmap -sT my external ip it shows me all ports are closed. On Fri, May 30, 2008 at 10:22 PM, sara fink <sara.fink () gmail com> wrote:on my laptop I have nmap version 4.60 from gentoo portage. 4.62 appears as non stable in portage. How can I measure reliably what ports are open on my laptop. I don't have root access to remote servers to run something else than nmap -sT. and the version there appears to be old. On Fri, May 30, 2008 at 10:13 PM, DePriest, Jason R. <jrdepriest () gmail com> wrote:On Fri, May 30, 2008 at 7:47 PM, sara fink <> wrote:I tried to use nmap from this web site:http://www.nmapyourself.com/.If I try to run nmap on my external ip say at range 1-1024 withflag -sT I getStarting Nmap 4.20 ( http://insecure.org ) at 2008-05-30 14:42 EDTOld version: ^^^^ 4.62 is the latest you can download as released.Interesting ports on some ip .: Not shown: 1022 closed ports PORT STATE SERVICE 0/tcp filtered unknown 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds To check myself again, I connected via ssh to some other site andfromthere ran nmap -sT -p 1-1024 ipFrom there I got a completely different result. Almost all the1025ports are open except very few. Someone can explain me why I get such a difference?Also, nmapyourself.com isn't run by Fyodor, so you should probablyaskthe guy who runs the site to check it out._______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- ambiguity about nmap results sara fink (May 30)
- RE: ambiguity about nmap results Thomas Tavaris J (Tavaris) (May 30)
- Re: ambiguity about nmap results Mike pattrick (May 30)
- Re: ambiguity about nmap results DePriest, Jason R. (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- RE: ambiguity about nmap results Rob Nicholls (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results Mike pattrick (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results Brandon Enright (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results DePriest, Jason R. (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results Kris Katterjohn (May 30)
- Re: ambiguity about nmap results doug (May 30)
- Re: ambiguity about nmap results sara fink (May 30)