Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: d2 and closed ports output

From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 4 May 2016 09:57:12 -0500
Mike,

On Thu, Apr 21, 2016 at 10:58 PM, Mike . <dmciscobgp () hotmail com> wrote:


hello


just wondering if there is any way i scan and keep the d2 output for
debugging but also able to omit the "Discovered closed port" long list i
get back after the scan, because it "covers up" the actual result. i tried
-open but the d2 overrides that. prob something simple for a fix that i am
not aware of. anyone know?




The easiest way to do this would be to filter the results after scanning to
exclude lines you don't want. IIRC you are on Windows, so the command might
be:

findstr /v /c:"Discovered closed" output.txt | findstr /v /c:"/[ut][dc]p
*closed" > stripped.txt

On GNU or Unix systems, you could use grep:

grep -v -e "^Discovered closed" -e "/[ut][dc]p *closed" output.txt >
stripped.txt



last issue , and a bizare one. i have a simple CISCO SPTVG router alot of
people have. i always have 80 open for the config page and i can always
connect to it to make changes from my end. however, i have noticed, right
after a simple -sV scan, just querying that port...i then get a FILTERED
for my router on that port and the router literally has to be reset to get
it open again. why is this?



Nmap's service scan (-sV) sends lots of probes to unknown services, and
some poorly-written services crash when these probes are received. Embedded
systems like home routers, IoT devices, medical devices, and industrial
control systems are particularly frequent victims of this effect. There's
really no excuse because these probes have been public for decades.

If you can manage to get a service fingerprint from this service, please
submit it at https://nmap.org/submit/ so that future scans will stop after
correctly identifying the service, without continuing on to use more
unusual probes that are probably causing the crash.

Dan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: