Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Nmap
Special Forums Cybersecurity Nmap Post 17651 by LivinFree on Tuesday 19th of March 2002 04:04:17 AM
Old 03-19-2002
What kind of system are you scanning here? I know that on some (notably Redhat 7.2), firewalling is set up by default. When nmap finds a bunch of non-closed ports, it reports them as "interesting". UDP scanning is kind of tough, since it's "connectionless". But here's how nmap does it (from the man page):
Quote:
The technique is to send 0 byte udp
packets to each port on the target machine. If we receive an ICMP port
unreachable message, then the port is closed. Otherwise we assume it is
open.
This somewhat contradicts reality though, at least the way I see it. For example, I took a scan of an OpenBSD box (UDP only, default port selection), and it reported all 1453 ports as filtered. Go fig. Then again, it took 96 seconds on a 100base-t network on -T Insane, and reported the OS versions as "AIX 4.3.1 on a IBM RS/6000 R40"... Good ol' OBSD.

The best I can figure, is that if all ports are closed, it assumes it got no responses due to a packet filter - thus "filtered". But if you get at least one reply, the rest must just be closed... wild guess, though.

The important part though, is that you didn't see any open ports.
On a Linux system, you can also get a list of UDP ports with netstat -au... that is, assuming you haven't been cracked into and had your netstat replaced...

Hope this helps a little.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

nmap results

Hi, Whenever I tried to run nmap on my linux (red hat 6.2) boxes i got these outputs: 4444/tcp filtered krb524 6666/tcp filtered irc-serv 6699/tcp filtered napster 8888/tcp filtered sun-answerbook Can anybody please... (10 Replies)
Discussion started by: necro
10 Replies

2. Shell Programming and Scripting

Nmap PHP FE

Hi everyone! I've temporarily come out of hibernation (and will be gone for about two weeks after this post too) to ask for input on a small PHP script I have just completed. The script aims to be a remote front-end for Nmap - now for the safety of this post, I ask that any replies refrain from... (6 Replies)
Discussion started by: Karma
6 Replies

3. AIX

nmap on aix 5.2

I'm trying to compile nmap 4.11 on an aix 5.2 machine and get the following error when attempting the 'make' command; make "Makefile", line 1: make: 1254-055 Dependency line needs colon or double colon operator. "Makefile", line 14: make: 1254-055 Dependency line needs colon or double colon... (2 Replies)
Discussion started by: zuessh
2 Replies

4. Red Hat

To change of port name in nmap

Hi, Is it possible to change the nmap port name: For eg: 21/tcp open ftp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 836/tcp open unknown 843/tcp open unknown 953/tcp open rndc I need to change the port number 836 unknown to the name of the... (4 Replies)
Discussion started by: gsiva
4 Replies

5. Shell Programming and Scripting

FTP/nmap/.netrc

So... I'm trying to script and FTP Backup of some files from openVMS Alpha machine to a Unixware 7 machine. I decided to use .netrc to do all the FTP actions however when I send the nmap command. It pretty much gets ignored while even other things such "ascii", "case" etc.. get respected... (0 Replies)
Discussion started by: thesubmitter
0 Replies

6. Solaris

Nmap error

I 'm getting following error when i run nmap for an ip .. what could be the reason for it ? #nmap 10.22.67.18 Starting Nmap 4.68 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-07-06 19:07 UTC Warning: Unable to open interface e1000g3301000 -- skipping it.... (2 Replies)
Discussion started by: fugitive
2 Replies

7. Linux

nmap binaries for linux

Hi , I am exploring the nmap utility for Linux. I know that, nmap binaries are specific to the platforms e.g. nmap binaries will be diferent for Windows , AIX , Solaris and Linux platforms. Can anyone tell me , will the nmap binaries be different for different flavours of Linux such as... (1 Reply)
Discussion started by: jatin56
1 Replies

8. Cybersecurity

Help with NMAP

I'm seeing a persistent address showing up on my firewall router logs. The address is 10.98.115.9:67, and is broadcasting to 255.255.255.255. I know that this would typically signal a BOOTP service, such as a bootp server announcing itself on the network. But I can't isolate which machine it... (3 Replies)
Discussion started by: renoir611
3 Replies

9. Shell Programming and Scripting

How to scan IP range using nmap?

Scripting language : Bash Shell Script I have to create function in which read IP addresses one by one from one file (ip.txt) and scan these IP using nmap. (4 Replies)
Discussion started by: sk151993
4 Replies

10. Homework & Coursework Questions

How to scan IP range using nmap?

Scripting language : Bash Shell Script 1. problem statement I have to create function in which read IP addresses one by one from one file (iplist.txt) and scan these IP using nmap. This scan IP's output is saved in output.txt file and parse output.txt to save only open ports with particular IP... (3 Replies)
Discussion started by: sk151993
3 Replies

LEARN ABOUT ULTRIX

udp

udp(4p) 																   udp(4p)

Name
       udp - Internet User Datagram Protocol

Syntax
       #include <sys/socket.h>
       #include <netinet/in.h>

       s = socket(AF_INET, SOCK_DGRAM, 0);

Description
       UDP  is	a  simple,  unreliable datagram protocol that is used to support the SOCK_DGRAM abstraction for the Internet protocol family.  UDP
       sockets are connectionless and are normally used with the and calls, though the call can also be used to fix  the  destination  for  future
       packets (in which case the or and or system calls may be used).

       UDP  address  formats are identical to those used by TCP.  In particular, UDP provides a port identifier in addition to the normal Internet
       address format.	Note that the UDP port space is separate from the TCP port space (for example,	a UDP port may not be ``connected''  to  a
       TCP  port).   In  addition  broadcast  packets  can be sent (assuming the underlying network supports this) by using a reserved ``broadcast
       address''; this address is network interface dependent.	The SO_BROADCAST option must be set on the socket for broadcasting to succeed.

Diagnostics
       A socket operation may fail with one of the following errors returned:

       [EISCONN]      Try to establish a connection on a socket which already has one, or when trying to send  a  datagram  with  the  destination
		      address specified and the socket already connected.

       [ENOTCONN]     Try to send a datagram, but no destination address is specified, and the socket has not been connected.

       [ENOBUFS]      The system runs out of memory for an internal data structure.

       [EADDRINUSE]   An attempt is made to create a socket with a port that has already been allocated.

       [EADDRNOTAVAIL]
		      An attempt is made to create a socket with a network address for which no network interface exists.

See Also
       getsockopt(2), send(2), socket(2) recv(2), intro(4n), inet(4f)

																	   udp(4p)
All times are GMT -4. The time now is 08:08 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy