Thread Tools Search this Thread
Special Forums Cybersecurity Nmap
# 1  
Old 03-16-2002

I am pretty new at running nmap ,and i have some doubt about some o/ps the nmap shows

I tried to scan my own system for UDP open ports

I see that if i use one UDP port say 13
It shows that its in open state , etc

But if i scan for the whole UDP ports in the nmap-services . I gives te number of ports open as in a filtered state .

Can some one explain me why this is so .


# 2  
Old 03-18-2002
A possible solution is that while performing a single port scan you are getting a correct response from an "active" or open port.

Now under a full 65535 port scan you are pushing alot of packets! You hadn't stated your time frequency of datagram submittal...but with an educated guess......i'd say that you are pumping them out as quick as possible.

When a system is under a pretty heavy load...the stack gets a bit quirky. Thus the inconsistent recognitions.....i.e...a "filtered" state.

Especially when your only traversing a portion of your TCP/IP stack, and not the whole OSI model.

Have you reviewed RFC 793 (Transmission Control Protocol) for valid responses? I suggest capturing packets to verify your systems responses.

# 3  
Old 03-19-2002
What kind of system are you scanning here? I know that on some (notably Redhat 7.2), firewalling is set up by default. When nmap finds a bunch of non-closed ports, it reports them as "interesting". UDP scanning is kind of tough, since it's "connectionless". But here's how nmap does it (from the man page):
The technique is to send 0 byte udp
packets to each port on the target machine. If we receive an ICMP port
unreachable message, then the port is closed. Otherwise we assume it is
This somewhat contradicts reality though, at least the way I see it. For example, I took a scan of an OpenBSD box (UDP only, default port selection), and it reported all 1453 ports as filtered. Go fig. Then again, it took 96 seconds on a 100base-t network on -T Insane, and reported the OS versions as "AIX 4.3.1 on a IBM RS/6000 R40"... Good ol' OBSD.

The best I can figure, is that if all ports are closed, it assumes it got no responses due to a packet filter - thus "filtered". But if you get at least one reply, the rest must just be closed... wild guess, though.

The important part though, is that you didn't see any open ports.
On a Linux system, you can also get a list of UDP ports with netstat -au... that is, assuming you haven't been cracked into and had your netstat replaced...

Hope this helps a little.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Homework & Coursework Questions

How to scan IP range using nmap?

Scripting language : Bash Shell Script 1. problem statement I have to create function in which read IP addresses one by one from one file (iplist.txt) and scan these IP using nmap. This scan IP's output is saved in output.txt file and parse output.txt to save only open ports with particular IP... (3 Replies)
Discussion started by: sk151993
3 Replies

2. Shell Programming and Scripting

How to scan IP range using nmap?

Scripting language : Bash Shell Script I have to create function in which read IP addresses one by one from one file (ip.txt) and scan these IP using nmap. (4 Replies)
Discussion started by: sk151993
4 Replies

3. Cybersecurity

Help with NMAP

I'm seeing a persistent address showing up on my firewall router logs. The address is, and is broadcasting to I know that this would typically signal a BOOTP service, such as a bootp server announcing itself on the network. But I can't isolate which machine it... (3 Replies)
Discussion started by: renoir611
3 Replies

4. Linux

nmap binaries for linux

Hi , I am exploring the nmap utility for Linux. I know that, nmap binaries are specific to the platforms e.g. nmap binaries will be diferent for Windows , AIX , Solaris and Linux platforms. Can anyone tell me , will the nmap binaries be different for different flavours of Linux such as... (1 Reply)
Discussion started by: jatin56
1 Replies

5. Solaris

Nmap error

I 'm getting following error when i run nmap for an ip .. what could be the reason for it ? #nmap Starting Nmap 4.68 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-07-06 19:07 UTC Warning: Unable to open interface e1000g3301000 -- skipping it.... (2 Replies)
Discussion started by: fugitive
2 Replies

6. Shell Programming and Scripting


So... I'm trying to script and FTP Backup of some files from openVMS Alpha machine to a Unixware 7 machine. I decided to use .netrc to do all the FTP actions however when I send the nmap command. It pretty much gets ignored while even other things such "ascii", "case" etc.. get respected... (0 Replies)
Discussion started by: thesubmitter
0 Replies

7. Red Hat

To change of port name in nmap

Hi, Is it possible to change the nmap port name: For eg: 21/tcp open ftp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 836/tcp open unknown 843/tcp open unknown 953/tcp open rndc I need to change the port number 836 unknown to the name of the... (4 Replies)
Discussion started by: gsiva
4 Replies

8. AIX

nmap on aix 5.2

I'm trying to compile nmap 4.11 on an aix 5.2 machine and get the following error when attempting the 'make' command; make "Makefile", line 1: make: 1254-055 Dependency line needs colon or double colon operator. "Makefile", line 14: make: 1254-055 Dependency line needs colon or double colon... (2 Replies)
Discussion started by: zuessh
2 Replies

9. Shell Programming and Scripting


Hi everyone! I've temporarily come out of hibernation (and will be gone for about two weeks after this post too) to ask for input on a small PHP script I have just completed. The script aims to be a remote front-end for Nmap - now for the safety of this post, I ask that any replies refrain from... (6 Replies)
Discussion started by: Karma
6 Replies

10. UNIX for Dummies Questions & Answers

nmap results

Hi, Whenever I tried to run nmap on my linux (red hat 6.2) boxes i got these outputs: 4444/tcp filtered krb524 6666/tcp filtered irc-serv 6699/tcp filtered napster 8888/tcp filtered sun-answerbook Can anybody please... (10 Replies)
Discussion started by: necro
10 Replies
Login or Register to Ask a Question