nmap results
Post 18883 by LivinFree on Thursday 4th of April 2002 02:09:22 AM
Well, the results you first posted above, it looks like you ran a TCP scan, not a UDP one. If you did run a UDP scan, then yes, I suppose nmap could assume it was filtered, since UDP is connectionless, and won't reply. It will only show as closed the ports that receive an ICMP Unreachable (I think) message.

I hate to suggest this, but maybe you should boot from floppy or CD, and run the tools from CD or another filesystem. You may have been rooted and had trojan horses installed that will filter themselves out of ps, top, netstat, and other tools. Also, you might check chkrootkit (http://www.chkrootkit.org/). It recognizes many trojans.

Has your Redhat 6.2 been patched? Default 6.2 has plenty of exploitable problems by default in it (ftpd, telnetd, sshd, lpd, etc...). Also, have you tried connecting to any of these ports to see if they provide a banner or possibly even a shell? (I doubt they will though, if nmap shows them as filtered).

If you do turn out to be trojaned, you should wipe your disk clean and reinstall from CD. You may be able to clean up after the rootkit, but you don't know what else has been done.

Please post back and let us know what's going on...
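
The UDP scan states discussed in the post above, as an added example that is not part of the original post: it parses raw ICMP "destination unreachable" replies, recovers the probed port from the quoted header, and assigns states using the mapping from nmap's documentation (type 3 code 3 is closed, codes 0, 1, 2, 9, 10 and 13 are filtered, a UDP answer is open, silence is open|filtered). The function names, addresses and sample replies are constructed for illustration.

```python
import struct

# nmap's documented UDP-scan mapping: ICMP type 3 code 3 means closed,
# these other type 3 codes mean filtered.
FILTERED_CODES = {0, 1, 2, 9, 10, 13}

def parse_unreachable(icmp):
    """Return (code, udp_dport) quoted in an ICMP type 3 error, or None."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3:
        return None
    inner = icmp[8:]                    # quoted IP header + first 8 bytes of probe
    ihl = (inner[0] & 0x0F) * 4         # quoted header may carry IP options
    if ihl < 20 or inner[9] != 17 or len(inner) < ihl + 4:   # 17 = UDP
        return None
    _sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return icmp[1], dport

def classify(probed, icmp_replies, udp_reply_ports):
    """Map each probed UDP port to a scan state."""
    states = {p: "open|filtered" for p in probed}   # silence is ambiguous
    for raw in icmp_replies:
        parsed = parse_unreachable(raw)
        if parsed and parsed[1] in states:
            code, port = parsed
            if code == 3:
                states[port] = "closed"
            elif code in FILTERED_CODES:
                states[port] = "filtered"
    for port in udp_reply_ports:        # a UDP answer overrides everything
        if port in states:
            states[port] = "open"
    return states

def make_unreachable(code, dport):
    """Constructed sample: ICMP error quoting a UDP probe sent to dport."""
    icmp_hdr = struct.pack("!BBHI", 3, code, 0, 0)          # checksum zeroed
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return icmp_hdr + ip_hdr + struct.pack("!HHHH", 40000, dport, 8, 0)

def demo():
    replies = [make_unreachable(3, 111), make_unreachable(13, 123),
               make_unreachable(3, 9999)]                  # 9999 was never probed
    return classify([53, 111, 123, 161], replies, udp_reply_ports=[53])

if __name__ == "__main__":
    for port, state in sorted(demo().items()):
        print(port, state)
```

Port 161 stays open|filtered because no reply of any kind came back, which is why a host that drops probes silently produces a long list of ambiguous UDP ports.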
 

SCAPY(1)                     General Commands Manual                     SCAPY(1)

NAME
       scapy - Interactive packet manipulation tool

SYNOPSIS
       scapy [options]

DESCRIPTION
       This manual page briefly documents the scapy tool.

       scapy is a powerful interactive packet manipulation tool, packet
       generator, network scanner, network discovery tool, packet sniffer,
       etc. It can for the moment replace hping, parts of nmap, arpspoof,
       arp-sk, arping, tcpdump, tshark, p0f, ...

       scapy uses the Python interpreter as a command board. That means you
       can use the Python language directly (assign variables, use loops,
       define functions, etc.). If you give a file as a parameter when you
       run scapy, your session (variables, functions, instances, ...) will be
       saved when you leave the interpreter, and restored the next time you
       launch scapy.

       The idea is simple. These kinds of tools do two things: sending packets
       and receiving answers. That's what scapy does: you define a set of
       packets, it sends them, receives answers, matches requests with answers
       and returns a list of packet couples (request, answer) and a list of
       unmatched packets. This has the big advantage over tools like nmap or
       hping that an answer is not reduced to (open/closed/filtered), but is
       the whole packet.

       On top of this, higher-level functions can be built, for example one
       that does traceroutes and gives as a result only the start TTL of the
       request and the source IP of the answer, one that pings a whole network
       and gives the list of machines answering, or one that does a portscan
       and returns a LaTeX report.

OPTIONS
       Options for scapy are:

       -h     display usage

       -d     increase log verbosity. Can be used many times.

       -s FILE
              use FILE to save/load session values (variables, functions,
              instances, ...)

       -p PRESTART_FILE
              use PRESTART_FILE instead of $HOME/.scapy_prestart.py as
              pre-startup file

       -P     do not run prestart file

       -c STARTUP_FILE
              use STARTUP_FILE instead of $HOME/.scapy_startup.py as startup
              file

       -C     do not run startup file

COMMANDS
       Only the vital commands to begin are listed here for the moment.

       ls()   lists supported protocol layers. If a protocol layer is given as
              parameter, lists its fields and types of fields.

       lsc()  lists some user commands. If a command is given as parameter,
              its documentation is displayed.

       conf   this object contains the configuration.

FILES
       $HOME/.scapy_prestart.py
              This file is run before scapy core is loaded. Only the conf
              object is available. This file can be used to manipulate the
              conf.load_layers list to choose which layers will be loaded:

              conf.load_layers.remove("bluetooth")
              conf.load_layers.append("new_layer")

       $HOME/.scapy_startup.py
              This file is run after scapy is loaded. It can be used to
              configure some of the scapy behaviors:

              conf.prog.pdfreader="xpdf"
              split_layers(UDP,DNS)

EXAMPLES
       More verbose examples are available at
       http://www.secdev.org/projects/scapy/demo.html

       Just run scapy and try the following commands in the interpreter.

       Test the robustness of a network stack with invalid packets:
              sr(IP(dst="172.16.1.1", ihl=2, options="b$2$", version=3)/ICMP())

       Packet sniffing and dissection (with a bpf filter or tethereal-like
       output):
              a=sniff(filter="tcp port 110")
              a=sniff(prn = lambda x: x.display)

       Sniffed packet reemission:
              a=sniff(filter="tcp port 110")
              sendp(a)

       Pcap file packet reemission:
              sendp(rdpcap("file.cap"))

       Manual TCP traceroute:
              sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport))

       Protocol scan:
              sr(IP(dst="172.16.1.28", proto=(1,254)))

       ARP ping:
              srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="172.16.1.1/24"))

       ACK scan:
              sr(IP(dst="172.16.1.28")/TCP(dport=(1,1024), flags="A"))

       Passive OS fingerprinting:
              sniff(prn=prnp0f)

       Active OS fingerprinting:
              nmap_fp("172.16.1.232")

       ARP cache poisoning:
              sendp(Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target))

       Reporting:
              report_ports("192.168.2.34", (20,30))

SEE ALSO
       http://www.secdev.org/projects/scapy
       http://trac.secdev.org/scapy

BUGS
       Does not give the right source IP for routes that use interface
       aliases.

       May miss packets under heavy load.

       Session saving is limited by Python's ability to marshal objects. As a
       consequence, lambda functions and generators can't be saved, which
       seriously reduces the usefulness of this feature.

       BPF filters don't work on Point-to-point interfaces.

AUTHOR
       Philippe Biondi <phil@secdev.org>

       This manual page was written by Alberto Gonzalez Iniesta <agi@agi.as>
       and Philippe Biondi.

                                  May 12, 2003                          SCAPY(1)