0

I'm trying to determine which ports are in use with my machine. I found, online an article that listed one method as follows:

$ sudo nmap -sT -O localhost

I believedthis would give me a list of all ports listening for TCP packets. However, when I enter this command, I get the following result:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-02 21:07 EDT
socket troubles in HostOsScan: Permission denied (13)

If I'm running as sudo, how can I lack permission to run something on my machine??

I tried running just:

$ sudo nmap -sT  localhost

and got:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-02 21:28 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000094s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp

Just tried nmap without arguments and again was denied permission !?

$ sudo nmap localhost
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-03 11:05 EDT
Couldn't open a raw socket. Error: Permission denied (13)

Looking at nmap's --help option, I see that -O enables OS detection. Why should I not have permission to use this option - especially with sudo? (Note: I'm currently running Ubuntu 18.04 & 20.04)

(Note: Accepted answer solves my root problem - looking at ports, but answer in comments section explains why I was having trouble with nmap. Apparently, because I installed with snap, I needed to also execute:

 $ sudo snap connect nmap:network-control

before nmap would work correctly

Improve this question
5
  • if you are using snap to provide nmap it's time to tell it.
    – A.B
    Commented Jun 3, 2021 at 15:50
  • @A.B - I realize this shows how little I know, but what do you mean "using snap to provide nmap"??
    – user1245262
    Commented Jun 3, 2021 at 15:53
  • If dpkg -S /usr/bin/nmap returns a line starting with nmap: then it's not through snap.
    – A.B
    Commented Jun 3, 2021 at 15:55
  • @A.B. Apparently, I did install nmap with snap - which nmap returns /snap/bin/nmap. So, what should I do?
    – user1245262
    Commented Jun 3, 2021 at 15:58
  • 1
    askubuntu.com/questions/1031714/…
    – A.B
    Commented Jun 3, 2021 at 16:40

2 Answers 2

Reset to default
1

It you're trying to determine which ports are in use with your machine you don't need to scan. You can just list the ports directly

netstat -nap
ss -nap

If you're not root omit the -p flag. The LISTEN lines are the important ones for you, and you can filter for these with awk. For example

netstat -nap | awk 'NR==1 || /LISTEN/'
Improve this answer
-1

First "I'm trying to determine which ports are in use with my machine." then drop the -O since you don't need to know what your local OS is.

Might need more information.

  1. What OS are you running? Maybe include which kernel
  2. Are you running a firewall? or Fail2ban or any related security services?
  3. Can you install older version? My install in Nmap v7.80 from Ubuntu repo didn't show the same issue.
  4. Are you in a Virtual Machine, VPS, or hosted system?
  5. Is this a clean install with little to no installed programs? If so you have a quiet system, not much noise, not much to detect.
  6. Tried other OS detection Nmap options? --osscan-limit --osscan-guess --max-os-tries LINK

Lack of detected TCP ports makes OS detection difficult. Replies to TCP request is how OS detection works. Better explained here https://nmap.org/book/osdetect-methods.html

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .