Nmap Development mailing list archives

Re: scanning Mac OS X with nmap


From: Tom Sellers <nmap () fadedcode net>
Date: Wed, 28 Sep 2011 16:59:26 -0500

On 9/28/2011 3:56 AM, Asli Koksal wrote:
> Hello all,
>
> I am trying to scan a Mac OS X 10.7.1 machine. When I run nmap as a normal
> user it gives me the output as below:
>
> nmap -PN 10.0.0.11
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2011-09-28 11:52 EEST
> Nmap scan report for 10.0.0.11
> Host is up (0.035s latency).
> Not shown: 99 closed ports
> PORT     STATE    SERVICE
> 1720/tcp filtered H.323/Q.931
> Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds
>
> But when I try the same command on the same machine as su, it gives no results:
>
> sudo nmap -PN --osscan-guess -F 10.0.0.11
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2011-09-28 11:53 EEST
> Nmap done: 1 IP address (0 hosts up) scanned in 0.35 seconds
>
> What can be the problem?
>
> Thanks in advance.


The primary difference between your two examples is the inclusion of the -F switch on the second scan.  This
parameter tells Nmap to perform a Fast scan that only hits the most common 100 ports.  Your first scan
used the default port list which is the top 1000 most common ports.  You may wish to review the following
reference link:   http://nmap.org/book/man-port-specification.html


To perform a scan of all ports you may wish to use the following command:

sudo nmap -sS -PN -p- 10.0.0.11

The use of '-p-' tells Nmap to scan ALL ports.

Keep in mind that the above command, like the commands that you specified, does not tell Nmap to scan UDP
ports, only TCP ports.

Good luck,
Tom
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
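
An added example, not part of the original messages and not Nmap's own code: a small Python parser that tallies the port states in Nmap's normal output, so you can check which port list a scan covered (top 100 with -F, top 1000 by default, all 65535 with -p-). The three sample reports, the 192.0.2.11 address and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Port-list sizes for the options named in the reply above.
PORT_LISTS = {100: "-F (top 100)", 1000: "default (top 1000)", 65535: "-p- (all ports)"}

NOT_SHOWN = re.compile(r"(\d+) ([a-z|]+) (?:tcp |udp )?ports?")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
DONE = re.compile(r"^Nmap done: \d+ IP address(?:es)? \((\d+) hosts? up\)")

def summarize(report):
    """Tally port states in one single-host, TCP-only normal-output report."""
    states, hosts_up = Counter(), None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Not shown:"):
            # Ports Nmap collapsed into a summary, e.g. "98 closed ports".
            for count, state in NOT_SHOWN.findall(line):
                states[state] += int(count)
        elif (m := PORT_LINE.match(line)):
            states[m.group(3)] += 1          # one listed port, keyed by state
        elif (m := DONE.match(line)):
            hosts_up = int(m.group(1))
    total = sum(states.values())
    port_list = PORT_LISTS.get(total, "custom or unknown") if total else "no ports scanned"
    return {"hosts_up": hosts_up, "ports_scanned": total,
            "states": dict(states), "port_list": port_list}

# Constructed sample reports (not taken from a real scan).
FAST_SCAN = """Nmap scan report for 192.0.2.11
Host is up (0.035s latency).
Not shown: 98 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
1720/tcp filtered H.323/Q.931
Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds"""
DEFAULT_SCAN = """Nmap scan report for 192.0.2.11
Host is up (0.035s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
548/tcp  open     afp
1720/tcp filtered H.323/Q.931
Nmap done: 1 IP address (1 host up) scanned in 3.10 seconds"""
NO_HOST = "Nmap done: 1 IP address (0 hosts up) scanned in 0.35 seconds"

if __name__ == "__main__":
    for name, text in [("fast", FAST_SCAN), ("default", DEFAULT_SCAN), ("no host", NO_HOST)]:
        print(name, summarize(text))
```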

