All Questions (16 questions)
0 votes | 1 answer | 20k views
I am trying to exploit port 7000/tcp afs3-fileserver
I have been trying to exploit a cheap smart TV box that I bought a while ago, and after my nmap scan I found that port 7000/tcp was open, but researching the port gave back not much ...
3 votes | 2 answers | 7k views
Nmap not following redirect when using "http-title" script
I am trying to scan a bunch of IPs for their http-title. Now the problem I have is that nmap pretty much never follows any redirects. Usually the title I want is behind that redirect though. For ...
20 votes | 1 answer | 27k views
Nmap - Closed vs Filtered
A lot of people seem to ask this question, as there are a bunch of posts about it; however, I feel like none truly answer the question (that I have found). I want to understand why Nmap decides to tell ...
3 votes | 1 answer | 692 views
Is it possible to scan the top X UDP ports and the top Y (X!=Y) TCP ports in Nmap using a single command?
Given X!=Y, is there any way to scan the top (--top-ports) X TCP ports and the top Y UDP ports using a simple Nmap command? The --top-ports parameter affects both the TCP and UDP scans (e.g., when -...
1 vote | 1 answer | 320 views
nmap - protocol discovery doesn't work with fragmented packets
Using nmap to do a protocol discovery (nmap myhost -sO) identifies the following on my target. Note that the reason switch is also used.
PROTOCOL STATE SERVICE REASON
1 open icmp echo-reply ttl ...
-1 votes | 2 answers | 1k views
Nmap shows that some ports are open, but when I test it online it isn't
Nmap shows that some ports are open, but when I test whether the ports are open from the internet (using certain tools) it says that the ports are closed. Struggling quite a bit; can anyone explain why ...
1 vote | 1 answer | 3k views
Can Inverse TCP Flag Scan be run as a stealth scan?
How exactly does the Inverse TCP flag scan run, and can we run it as a stealth scan?
1 vote | 0 answers | 2k views
Understanding remote OS detection using Scapy
I am trying to understand remote OS detection techniques using Scapy. I came across the following article, "SANS article on Remote OS detection using Scapy", and have been trying to follow it. The ...
2 votes | 3 answers | 1k views
Nmap TCP scan decreases the progress percentage
I'm performing a TCP scan on a network and noticed that nmap decreased the percentage of the progress. The command is: nmap -A -sT 10.0.0.1-254 -oG scan.txt
Amongst the output I found:
Stats: 0:13:...
11 votes | 2 answers | 3k views
What's the advantage of sending an RST packet after getting a response in a SYN scan?
I'm reading about nmap's SYN scan, and it says Nmap sends an RST immediately after the server tries to establish the handshake. My question is: why bother with the RST? Is it to prevent the server ...
1 vote | 1 answer | 476 views
Open TCP port on cable modem TG1672G
TG1672G cable modem in bridge mode; the modem's built-in router still gets an IPv4/IPv6 public address (and devices connected to the modem can get public IPv4/IPv6 addresses too). This modem is Intel ...
2 votes | 1 answer | 679 views
Nmap's explicitly closed ports
I'm working on a challenge and I noticed this odd output for a full port scan:
abc@desktop:~$ nmap -T5 -p- -sV x.x.x.x -PN
Interesting ports on x.x.x.x:
Not shown: 65533 filtered ports
PORT ...
4 votes | 2 answers | 789 views
When should I drop a packet with ICMP type 3, code 9 or 10, TCP RST, or TCP ACK?
This answer says there are a few ways of dealing with a blocked packet at a firewall:
"At each of these levels a 1st IP packet (and any other protocol packet as an ESP or AH packet) might receive ..."
2 votes | 2 answers | 3k views
Any way to circumvent a 'filtered' response on NMap?
I know that a filtered response on NMap means that the firewall dropped the packets or that NMap just didn't receive a response, but is there any way to circumvent this? Is it possible that the ...
0 votes | 2 answers | 2k views
Does Nmap require a closed TCP port to do OS fingerprinting?
I was checking the security of a server by running Nmap. Last time it gave me the following results, indicating that the OS could not be fingerprinted:
PORT STATE SERVICE VERSION
21/tcp ...