Questions tagged [nmap]

A robust and open source security tool for network discovery and security auditing.

Nmap ("Network Mapper") uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Nmap runs on all major computer operating systems, with official binary packages available for Linux, Windows, and Mac OS X, and works equally well in both large network and single-host environments.

In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool that also offers transfer encryption (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

514 questions
302 votes, 8 answers

How to find live hosts on my network?

I am trying to find the live hosts on my network using nmap. I am scanning the network in Ubuntu using the command sudo nmap -sP 192.168.2.1/24. However, I am unable to find the live hosts. I just get the network address of my own PC as live. When I…
TheRookierLearner (4,222 rep; 8 gold, 24 silver, 28 bronze badges)
50 votes, 7 answers

How to bypass tcpwrapped with nmap scan

I ran a scan with nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x With the following result: Host is up (0.032s latency). Scanned at 2012-10-25 16:06:38 AST for 856s PORT STATE SERVICE VERSION 1/tcp …
KING SABRI (675 rep; 1 gold, 5 silver, 6 bronze badges)
28 votes, 3 answers

How does "traceroute over TCP" work, what are the risks, and how can it be mitigated?

There is a utility called tcptraceroute, and this enhancement called intrace that is used just like a standard traceroute, but it works over TCP. How is the SYN flag in TCP used to achieve traceroute-like functionality (when ICMP is off)? What…
makerofthings7 (50,090 rep; 54 gold, 250 silver, 536 bronze badges)
22 votes, 6 answers

Why do hackers scan for open ports?

So, whenever you hear of the mean little hackers who hack websites you hear of "port scanning". I understand what it is (looking for all open ports / services on a remote machine), however that begs the question: Why would an attacker want to know…
Joseph (523 rep; 1 gold, 4 silver, 14 bronze badges)
19 votes, 3 answers

What are the security issues of open ports?

What could be the threats of having the ports open, after performing a nmap scan and identifying the open ports? I already searched for some answers for this question, but couldn't find anything specific. Is there any particular issue with each and…
Kulasangar (339 rep; 2 gold, 5 silver, 13 bronze badges)
19 votes, 4 answers

Nmap says host down when host is up

I am using Nmap 7.12 on Mac OS X. The host that is being scanned is a Linux RHEL server in VirtualBox. I can ping the server and receive ICMP replies and vice versa. I am scanning an IP inside the subnet as per the below information with the Nmap…
anxious (191 rep; 1 gold, 1 silver, 4 bronze badges)
18 votes, 7 answers

Nmap reporting almost every port as open

I have noticed during some assessments when doing a TCP port scan, Nmap will report almost every port as open for a machine. Using for example nmap -sS -PN -T4 target -p0-65535, over 20,000 ports will be returned as open. On further investigation,…
Sonny Ordell (3,476 rep; 9 gold, 33 silver, 56 bronze badges)
17 votes, 2 answers

Is it possible to identify who's behind a nmap -D scan?

Nmap's -D option stands for decoy, which means that the attacker can simulate that the attack is coming from multiple IPs, including attacker's IP. From the point of view of the victim, is it possible to identify the real IP and then trace back the…
The Illusive Man (10,487 rep; 16 gold, 56 silver, 88 bronze badges)
16 votes, 1 answer

Nmap - Closed vs Filtered

A lot of people seem to ask this question, as there are a bunch of posts about it; however I feel like none truly answer the question (that I have found). I want to understand why Nmap decides to tell me that a specific port is "filtered" when there…
Ryan B (163 rep; 1 gold, 1 silver, 5 bronze badges)
15 votes, 1 answer

What does -Pn option mean in nmap?

I am trying to do a nmap scan on a machine in my home network. When I do the regular scan (using nmap 192.168.2.10 or nmap -sP 192.168.2.10), the results say host is down. However, when I use the option -Pn, I get the result saying host is up. What…
TheRookierLearner (4,222 rep; 8 gold, 24 silver, 28 bronze badges)
14 votes, 2 answers

different results using nmap with/without sudo

What is the reason that after running: $ nmap -sP 192.168.1.0/24 I got 3 results, but running: $ sudo nmap -sP 192.168.1.0/24 shows 7 results. What is the role of using sudo here?
ecandelas (141 rep; 1 gold, 1 silver, 3 bronze badges)
14 votes, 5 answers

How to detect hosts running in virtual machines with nmap?

I have to determine if a given subnet has virtual hosts. Are there any ideas about what switches to use?
py_script (781 rep; 2 gold, 7 silver, 10 bronze badges)
13 votes, 1 answer

Connection to ports 2000 and 5060 successful despite filtering

I run my own (Ubuntu based) router and have iptables configured to drop all incoming packets by default. To my surprise, running an nmap scan (from the WAN side) shows two open ports related to VOIP: nmap -Pn -v --reason XXX.net Starting Nmap 7.60…
Christian David (233 rep; 1 gold, 2 silver, 5 bronze badges)
13 votes, 3 answers

How can I detect the remote operating system?

Is it possible to detect the operating system type remotely from another system using any tools like nmap without admin privileges? What are the other alternatives for achieving this?
user45475 (1,030 rep; 2 gold, 9 silver, 14 bronze badges)
12 votes, 5 answers

Is there a nmap command to get the top # most common ports?

I understand nmap by default scans the top 1k 'most common' ports (-F reduces to 100) I understand it gets these 'most common' ports based on the nmap-services file, specifically the frequency (3rd column) Say you're curious or doing…
gregg (283 rep; 2 gold, 3 silver, 7 bronze badges)