
Questions tagged [nmap]

A robust and open source security tool for network discovery and security auditing.

313 votes
8 answers
1.2m views

How to find live hosts on my network?

I am trying to find the live hosts on my network using nmap. I am scanning the network in Ubuntu using the command sudo nmap -sP 192.168.2.1/24. However, I am unable to find the live hosts. I just get ...
TheRookierLearner
53 votes
7 answers
255k views

How to bypass tcpwrapped with nmap scan

I ran a scan with nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x With the following result: Host is up (0.032s latency). Scanned at 2012-10-25 16:06:38 AST for ...
KING SABRI
29 votes
3 answers
65k views

How does "traceroute over TCP" work, what are the risks, and how can it be mitigated?

There is a utility called tcptraceroute, and this enhancement called intrace that is used just like a standard traceroute, but it works over TCP. How is the syn flag in TCP used to achieve traceroute ...
makerofthings7
22 votes
6 answers
57k views

Why do hackers scan for open ports?

So, whenever you hear of the mean little hackers who hack websites you hear of "port scanning". I understand what it is (looking for all open ports / services on a remote machine), however ...
Joseph • 523
22 votes
7 answers
37k views

Nmap reporting almost every port as open

I have noticed during some assessments when doing a TCP port scan, Nmap will report almost every port as open for a machine. Using for example nmap -sS -PN -T4 target -p0-65535, over 20,000 ports will ...
Sonny Ordell • 3,596
22 votes
2 answers
52k views

Nmap scan what does STATE=filtered mean? [duplicate]

When I scanned a host for open ports I came across the following result: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 139/tcp filtered netbios-ssn 445/tcp filtered ...
Rumesh Madhusanka
20 votes
3 answers
37k views

What are the security issues of open ports?

What could be the threats of having the ports open, after performing a nmap scan and identifying the open ports? I already searched for some answers for this question, but couldn't find anything ...
Kulasangar
20 votes
1 answer
45k views

What does -Pn option mean in nmap? [closed]

I am trying to do a nmap scan on a machine in my home network. When I do the regular scan (using nmap 192.168.2.10 or nmap -sP 192.168.2.10), the results say host is down. However, when I use the ...
TheRookierLearner
20 votes
1 answer
27k views

Nmap - Closed vs Filtered

A lot of people seem to ask this question, as there are a bunch of posts about it; however I feel like none truly answer the question (that I have found). I want to understand why Nmap decides to tell ...
Ryan B • 303
19 votes
4 answers
117k views

Nmap says host down when host is up

I am using Nmap 7.12 on Mac OS X. The host that is being scanned is a Linux RHEL server in VirtualBox. I can ping the server and receive ICMP replies and vice versa. I am scanning an IP inside the ...
anxious • 191
18 votes
2 answers
6k views

Is it possible to identify who's behind a nmap -D scan?

Nmap's -D option stands for decoy, which means that the attacker can simulate that the attack is coming from multiple IPs, including the attacker's IP. From the point of view of the victim, is it ...
17 votes
3 answers
81k views

How can I detect the remote operating system?

Is it possible to detect the operating system type remotely from another system using any tools like nmap without admin privileges? What are the other alternatives for achieving this?
user45475 • 1,110
16 votes
2 answers
16k views

different results using nmap with/without sudo

What is the reason that after running: $ nmap -sP 192.168.1.0/24 I got 3 results, but running: $ sudo nmap -sP 192.168.1.0/24 shows 7 results. What is the role of using sudo here?
ecandelas • 161
14 votes
5 answers
37k views

Is there a nmap command to get the top # most common ports?

I understand nmap by default scans the top 1k 'most common' ports (-F reduces to 100). I understand it gets these 'most common' ports based on the nmap-services file, specifically the frequency (3rd ...
gregg • 303
14 votes
5 answers
30k views

How to detect hosts running in virtual machines with nmap?

I have to determine if a given subnet has virtual hosts. Are there any ideas about what switches to use?
py_script • 781
