
I'm doing an nmap scan of my own machine. First of all I set port 333 to listen with this command: `sudo nc -lvnp 333`

On the other terminal I run `sudo nmap -O -sV -p 0-65535 IP`, where IP is my local IP. The result I got on the nmap terminal is this one:


But on the terminal where I opened the port, the process finishes and I have this message:

    root@kali:~$ sudo nc -lvnp 333
    listening on [any] 333 ...
    connect to [IP] from (UNKNOWN) [IP] 47462

I got curious and I tried to do the same thing with proxychains just to check which IP would appear, so I ran `sudo proxychains nmap -O -sV -p 0-65535 IP`

The result on the nmap terminal was different, I guessed because of the limitations of nmap through a proxy that I had read about in other places:


But when I checked the nc terminal, the process didn't finish and it doesn't seem that it noticed that some scan was checking that port. What is the reason that the scan was stealthy with proxychains?

rcarba

2 Answers


You are basically comparing access from the local machine to the local machine (i.e. fully internal to the machine) with no firewalls in between to access from some remote machine to your local machine with likely firewalls and maybe even NAT in between. It is expected that the results will be different since firewalls/NAT block the traffic.

Steffen Ullrich

The only scan type you can use over proxychains is a connect scan where a full TCP connection is established at port scanning. The default for nmap is SYN scanning, where TCP connections are not fully established (connecting party stops talking to the server after it receives the first SYN/ACK packet).

Therefore, when you scan locally, you're doing SYN scans and all is well. When you scan over proxychains, you're doing SYN scans and you can't trust the output. If you want to compare the outputs you need to run both port scans without service or OS detection but with connect scans enabled -sT.

Please see How to use nmap through proxychains? for more info.

Pedro
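As an added illustration of the point in this answer (example code written for this page, not part of either answer or of nmap): a TCP connect scan, the `-sT` semantics that proxychains can actually carry, completes the three-way handshake, so the listening application sees an accepted connection, which is exactly why a plain `nc -lvnp` prints "connect to ..." and exits after the first connection. A half-open SYN scan never reaches `accept()`, so an application-level listener like nc cannot observe it; only the kernel, a firewall or a packet capture would. The script below starts a throw-away listener on 127.0.0.1 (assumed to be available) on an ephemeral port, picks a second port that is currently closed, runs a connect scan over both, and reports what the listener recorded.

```python
import socket
import threading
import time

HOST = "127.0.0.1"  # assumption: loopback is available in the environment


def start_listener(host=HOST):
    """Open a listener on an ephemeral port and record every accepted
    connection, the same event that makes `nc -lvnp` print 'connect to ...'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the thread poll the stop flag
    seen = []            # peers whose handshake completed and was accept()ed
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            seen.append(peer)
            conn.close()
        srv.close()

    t = threading.Thread(target=loop, daemon=True)
    t.start()
    return srv.getsockname()[1], seen, stop, t


def free_port(host=HOST):
    """Bind and immediately release an ephemeral port so the scan has a
    port that is closed (nothing listening) to compare against."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """Full TCP connect scan (nmap -sT semantics): connect() only returns
    successfully once the three-way handshake has completed, so an 'open'
    verdict here always corresponds to a connection the peer application
    can observe via accept()."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except OSError:  # ECONNREFUSED, timeout, unreachable, ...
            results[port] = "closed"
        finally:
            s.close()
    return results


def demo():
    """Scan one listening and one closed port; return the scanner's
    verdicts together with how many connections the listener recorded."""
    open_port, seen, stop, t = start_listener()
    closed_port = free_port()
    scan = connect_scan(HOST, [open_port, closed_port])
    time.sleep(0.5)  # give the listener thread time to accept() the pending connection
    stop.set()
    t.join(timeout=2)
    return {
        "open_port": open_port,
        "closed_port": closed_port,
        "scan": scan,
        "listener_saw": len(seen),  # 1: the listener observed the connect scan
    }


if __name__ == "__main__":
    print(demo())
```

The `listener_saw` count is the whole point: with a connect scan the application on the scanned port registers the probe, while the same listener would record nothing for a SYN scan that tears down after the SYN/ACK, which is why the two runs in the question cannot be compared unless both use `-sT`.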