Nmap Development mailing list archives
Re: ambiguity about nmap results
From: "sara fink" <sara.fink () gmail com>
Date: Sat, 31 May 2008 01:34:51 +0300
On Sat, May 31, 2008 at 12:04 AM, Rob Nicholls <robert () everythingeverything co uk> wrote:
Hi Sara, I ran a connect scan earlier from http://nmap-online.com/ which appeared to be faster and much more reliable, you may wish to give that a try instead. It is still using Nmap 4.11 though.
I tried it and it looks reliable and fast. No more nmapyourself.com ;-) And for that thanks.
Two of the ports you saw from nmapyourself that were allegedly filtered are well known Windows ports. I suspect what you're seeing *might* be an ISP (perhaps yours, perhaps at nmapyourself's end) filtering the network traffic, possibly in an attempt to limit the infection/distribution of old Windows-based attacks.
I don't have windows. ;-)
Because your netstat shows that you should be listening on TCP ports 8010 (jabber?), 37323, 6543 and 6544 (the last two are typically seen if you've installed MythTV*, which also probably explains why you have mysql running on localhost too), I suggest you perform a scan that includes those open ports (e.g. -p 6540-6550) so you can verify that you're getting accurate results (if you use my example above I'd expect you to see two ports that are open, the rest should be closed [or filtered]).
I use jabber for gtalk in kopete. mythtv you were right. Disabled mysql after your suggestion. Will check now for mythtv issue as well. Thanks.
I'm not sure why the other scan returned so many open ports, I would expect you to see closed or filtered when scanning -p 1-1024 with your setup. Without seeing something like the output of --packet-trace it's hard to say what's going on.
I have few suspicions about that. The remote server belongs to university. They block pings inside and outside. This might cause the problem? Or just because it's an old version? I tried now --packet-trace and it's so old that it doesn't even have this flag. But I will check the nmap-online with this flag.
I've been assuming that your laptop's IP and your external IP are the same (i.e. you're sat directly on the internet). If you're using a NAT (or PAT) router, for example, a scan of your external IP address might be returning TCP resets from the router rather than your laptop (as the unexpected incoming traffic never actually reaches your laptop on its private IP address).
You assumed correctly. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- ambiguity about nmap results sara fink (May 30)
- RE: ambiguity about nmap results Thomas Tavaris J (Tavaris) (May 30)
- Re: ambiguity about nmap results Mike pattrick (May 30)
- Re: ambiguity about nmap results DePriest, Jason R. (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- RE: ambiguity about nmap results Rob Nicholls (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results Mike pattrick (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results Brandon Enright (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results DePriest, Jason R. (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results Kris Katterjohn (May 30)
- Re: ambiguity about nmap results doug (May 30)
- Re: ambiguity about nmap results sara fink (May 30)
- Re: ambiguity about nmap results bensonk (May 31)