Nmap Development mailing list archives
Qscan against localhost
From: David Fifield <david () bamsoftware com>
Date: Sat, 20 Mar 2010 22:13:36 -0600
I ran both qscan.nse and Nmap 4.52 with the patch from http://hcsw.org/nmap/nmap-4.52-qscan.patch against localhost and got surprising results. Here's the port table: PORT STATE SERVICE 21/tcp closed ftp 22/tcp open ssh 23/tcp closed telnet 25/tcp closed smtp 80/tcp closed http 110/tcp closed pop3 139/tcp closed netbios-ssn 443/tcp closed https 445/tcp closed microsoft-ds 3389/tcp closed ms-term-serv Here are the results over two trials. I would have expected all ports to be in the same family. Is localhost just too fast for a millisecond timer? My srtt after doing a port scan is 14 microseconds. # ./nmap --script=qscan localhost --top-ports 10 Host script results: | qscan: | PORT FAMILY MEAN STDDEV LOSS% | 21 0 1.70 0.48 0.0% | 22 0 1.60 0.70 0.0% | 23 1 1.20 0.42 0.0% | 25 0 1.30 0.67 0.0% | 80 0 1.40 0.52 0.0% | 110 0 1.50 0.97 0.0% | 139 0 1.80 0.92 0.0% | 443 1 1.30 0.48 0.0% | 445 1 1.30 0.48 0.0% |_3389 0 1.60 0.97 0.0% Nmap done: 1 IP address (1 host up) scanned in 21.30 seconds # ./nmap --script=qscan localhost --top-ports 10 Host script results: | qscan: | PORT FAMILY MEAN STDDEV LOSS% | 21 0 1.30 0.48 0.0% | 22 0 2.10 2.51 0.0% | 23 0 1.50 1.58 0.0% | 25 0 1.10 0.32 0.0% | 80 0 1.30 0.48 0.0% | 110 0 1.60 0.70 0.0% | 139 1 1.00 0.00 0.0% | 443 2 1.00 0.00 0.0% | 445 0 1.40 0.52 0.0% |_3389 0 1.20 0.42 0.0% Nmap done: 1 IP address (1 host up) scanned in 21.44 seconds # ./nmap -sQ localhost -p 21,22,23,25,80,110,139,443,445,3389 Qscan parameters: round trips: 10, avg delay = 200ms, confidence = 0.95 Target:Port Fam uRTT +/- Stddev Loss (%) 127.0.0.1:21 A 0.1 +/- 0.0 0 127.0.0.1:22 B 0.1 +/- 0.0 0 127.0.0.1:23 A 0.1 +/- 0.0 0 127.0.0.1:25 A 0.4 +/- 0.8 0 127.0.0.1:80 A 0.1 +/- 0.0 0 127.0.0.1:110 A 0.1 +/- 0.0 0 127.0.0.1:139 B 0.1 +/- 0.0 0 127.0.0.1:443 A 0.1 +/- 0.0 0 127.0.0.1:445 A 0.1 +/- 0.0 0 127.0.0.1:3389 A 0.1 +/- 0.0 0 # ./nmap -sQ localhost -p 21,22,23,25,80,110,139,443,445,3389 Qscan parameters: round trips: 10, avg delay = 200ms, confidence = 0.95 Target:Port Fam uRTT +/- Stddev Loss (%) 127.0.0.1:21 A 0.1 +/- 0.0 0 127.0.0.1:22 B 0.1 +/- 0.0 0 127.0.0.1:23 A 0.1 +/- 0.0 0 127.0.0.1:25 A 0.4 +/- 0.9 0 127.0.0.1:80 A 0.1 +/- 0.0 0 127.0.0.1:110 A 0.1 +/- 0.0 0 127.0.0.1:139 A 0.1 +/- 0.0 0 127.0.0.1:443 A 0.1 +/- 0.0 0 127.0.0.1:445 A 0.1 +/- 0.0 0 127.0.0.1:3389 A 0.1 +/- 0.0 0 David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Qscan in NSE: qscan.nse, (continued)
- Re: Qscan in NSE: qscan.nse Fyodor (Mar 20)
- Re: Qscan in NSE: qscan.nse Ron (Mar 19)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Mar 19)
- Re: Qscan in NSE: qscan.nse David Fifield (Mar 20)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Mar 21)
- Re: Qscan in NSE: qscan.nse Arturo 'Buanzo' Busleiman (Mar 20)
- Re: Qscan in NSE: qscan.nse Arturo 'Buanzo' Busleiman (Mar 18)
- Re: Qscan in NSE: qscan.nse doug (Mar 20)
- Re: Qscan in NSE: qscan.nse Arturo 'Buanzo' Busleiman (Mar 20)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Mar 21)
- Qscan against localhost David Fifield (Mar 20)
- Re: Qscan in NSE: qscan.nse jah (Mar 21)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Mar 21)
- Re: Qscan in NSE: qscan.nse jah (Mar 22)
- Re: Qscan in NSE: qscan.nse Ron (Mar 22)
- Re: Qscan in NSE: qscan.nse Arturo 'Buanzo' Busleiman (Mar 23)