Nmap Development mailing list archives

Re: Strange behavior with -p parameter.


From: David Fifield <david () bamsoftware com>
Date: Thu, 19 Jul 2012 18:33:19 -0700

On Thu, Jul 19, 2012 at 12:13:48PM +0100, Marcin Prączko wrote:
Dear developers,

Today I've noticed strange nmap behavior with -p parameter.
I wanted to test our servers (after unlocking port 80,443) and this is
what happened:

Command run: (IP was replaced with valid IP, X-Y - range of IPs)
nmap -sT -P0 -p 80,443 IP.X-Y

Result:
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-19 11:55 BST
Nmap scan report for IP
Host is up (0.0031s latency).
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

...

Port 443 is marked as filtered - and should be open.

The same command run on each server with -p 80 or -p 443 only.
nmap -sT -P0 -p 443 IP.X-Y

Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-19 11:55 BST
Nmap scan report for IP
Host is up (0.33s latency).
PORT    STATE SERVICE
443/tcp open  https

...

This happens on the following configuration:
OpenSuse 11.4 (i586)

nmap-5.21-6.1.i586
No update candidate for 'nmap-5.21-6.1.i586'. The highest available
version is already installed.

Could you advise how I can check whether this is an OpenSuse or Nmap
issue, please?
How can I debug more what nmap is doing and why this 443 is marked as
filtered when (-p 80,443) is used and the port is open when (-p 443) is
used?
The same command on RedHat with nmap 4 is working exactly as expected.

To help debug you can use the --packet-trace option. Also use -d so that
you can see the reasons why packets are marked in a particular state.
--packet-trace will show you what packets Nmap sends and receives. You
should be able to see what kind of response you receive for -p 443, and
then see if the same response is received (or not) for -p 80,443.

The first step is to run the scans a few times to see if the error
happens always, or only sometimes.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
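
The comparison suggested in the reply above, as an added example that is not part of the original message or of Nmap itself: it parses saved normal-format output from repeated runs made with -d (which adds the REASON column) and lists ports whose state differs between runs or between the -p 443 and -p 80,443 invocations. The sample output, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample output (not from the thread): normal-format port tables
# as printed with -d, which adds the REASON column. Host is a documentation IP.
RUNS = [
    ("-p 443", """Nmap scan report for 192.0.2.10
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
"""),
    ("-p 80,443", """Nmap scan report for 192.0.2.10
PORT    STATE    SERVICE REASON
80/tcp  open     http    syn-ack
443/tcp filtered https   no-response
"""),
    ("-p 80,443", """Nmap scan report for 192.0.2.10
PORT    STATE SERVICE REASON
80/tcp  open  http    syn-ack
443/tcp open  https   syn-ack
"""),
]

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+\S+(?:\s+(\S+))?")

def parse_ports(text):
    """Yield (host, port, state, reason) for each port line in one scan's output."""
    host = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host:
            yield host, int(m.group(1)), m.group(3), m.group(4) or "unknown"

def compare_runs(runs):
    """Return ({(host, port): {port_spec: [(state, reason), ...]}}, unstable keys)."""
    seen = defaultdict(lambda: defaultdict(list))
    for spec, text in runs:
        for host, port, state, reason in parse_ports(text):
            seen[(host, port)][spec].append((state, reason))
    unstable = sorted(k for k, by_spec in seen.items()
                      if len({s for obs in by_spec.values() for s, _ in obs}) > 1)
    return seen, unstable

if __name__ == "__main__":
    for key in compare_runs(RUNS)[1]:
        print(key, "state differs across runs")
```

A port that is filtered with reason no-response in only some of the runs points at lost or dropped replies rather than a consistently closed path, which is what the --packet-trace output can then confirm.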
