Showing results for tags 'nmap'.

Found 20 results

  1. I am trying to understand idle scan in nmap. I feel a little stuck. Here is what I have done so far:

     nmap -PN -p- -sI zombie -r --packet-trace -v target

     As part of the packet trace output, nmap tells me that it has sent out packets to the zombie on port 80

     SENT (0.1033s) TCP source:42615 > zombie:80 SA ttl=44 id=29903 iplen=44 seq=18063 win=1024 <mss 1460>

     but nmap complains it did not receive any reply from the zombie

     Idle scan zombie port 80 cannot be used because it has not returned any of our probes -- perhaps it is down or firewalled.

     I did a syn scan on the zombie which tells me port 80 is open. I am in a deeply confused state now. Can anyone think of some possible explanation of this behaviour?
  2. I got a big problem with nmap ... all the ports of a target are filtered by the firewall ... I've tried many ways to scan the ports including the ways mentioned by Hak5 ... but I always get the same output which is that all the 1000 scanned ports are filtered by the firewall ... So if anyone could tell me how to solve this problem. Plz HELP !!!!
  3. Can you spoof or zombie an IP using smb-flood.nse in nmap?
  4. Hi all, I'm undergoing a project to determine which penetration testing tools are better suited for information gathering when using Kali to attack a Metasploitable 2 machine and a Windows XP SP3 machine. All of this research and testing is focusing on users with limited knowledge who may be just starting out in terms of testing tools. The three tools that were chosen to compare were Nmap, Unicornscan and Dmitry and the returned results were as follows:

                     Metasploitable 2   Windows XP
       Nmap          23                 3
       Dmitry        8                  2
       Unicornscan   20                 3

     The results above showed the open ports that were found by scanning the IP address of the target machine as well as services that are running and also the version. So in my mind Nmap looks to be the better option, but with the limited knowledge that I have, would I be wrong to say Nmap is the better tool for the job or do the others offer other benefits which I am not seeing? Any feedback would be most welcome.
  5. I have done this before but it has been forever and I can't find how I used to do it. Using nmap, I have a list of IP addresses I want to scan on only port 21. My breakdown would be to tell nmap to check a txt file for the IPs and then scan each one for accessible ports on port 21 and return a list of those ports. In case there is a better way than I have stated, here is more info on what I am doing. I used an old spider I wrote years ago to locate FTPs that are open (no user/pass) and it made me a txt file of the ones it found. Used to, this list would mean I only had to ftp in and I was ok. But now for some reason the list it returned of IPs will only let me ftp into maybe 1 out of every 4 or 5. This spider I wrote back in 99 or 2000 so things have changed somewhere. I have not needed to do this for that long so it has been sitting. Now I have a need to locate open/unsecured FTPs and have spent the day trying to find a better way between taking calls so I am finally asking for help! Thanks
  6. Hi there, I recently have a project where we made a Python script that uses nmap for network scanning. It will spawn threads for different types of scans (sS, sU, sF, and sN). We set up a cloud that will run our script and scan around 60 hosts for 20k ports for each scan. These are different servers with different configurations (all of which will be legally scanned). However, our scans are taking some time (2-3 days) to complete. I would just like to ask if this is normal. I am thinking it is taking a while because we are exhausting ports. In your experience, how long does nmap usually take to complete?
  7. So this is definitely me not knowing nearly enough about networking, but when I scan a live host on my lab network with Nmap (using Metasploitable as the OS as a VM) I get a list of services and the ports they run on as you would expect. However, if I perform a scan using my ISP provided IPv6 IP address I simply get the port 111 and rpcbind. So all I'm trying to confirm is, I won't actually be able to get a list of services and ports for a particular host until I'm in the network, correct? Scanning the ISP IP is basically just scanning my router, isn't it?
  8. Hey all, I've been learning nmap for the last week, scanning my own network for practice. I've managed to find open ports on other devices, however when I scan my Windows 10 machine, all ports are always filtered. I've tried: fragmenting the packets with -f; spoofing my MAC to that of my internet Hub; slowing down the scan with -T2 and --scan-delay; turning off PING with -Pn. But nmap always returns that all 1000 ports are filtered. The machine has Windows firewall turned on, but no other firewall software running. Any ideas? Thanks,
  9. Hello, has anyone used port scanners like nmap, or vulnerability scanners like nessus, openvas, etc. while providing internet via computer? I'm using the nano on Ubuntu 14.04 using wp6.sh. I've successfully deauthed some clients (I'm still learning so it's not perfect) and bumped them to connect to the pineapple, but when I try to use any scanner using the pineapple's IP, the results are as if I was scanning a host that's not connected. So, nmap shows "scanned X ips, 0 hosts where up", nessus and openvas finish the task with zero results and metasploit can't complete any exploits because the host is down. I know that the OS gets the pineapple as another interface but I don't think that's the problem because other times I've successfully scanned hosts while connected to three different networks (using ethernet, wifi with the integrated card and wifi with an external card). I don't know if it's because of the way the wps6.sh script works, because tbh I don't know how it works, but that's the problem I'm facing right now. Anyone that can help me? If you need any other data, please ask. Thanks.
  10. Greetings, I'm attempting the practical portion of the CPT exam, and am trying to run an nmap scan to find the IP of a specific virtual machine. When the VM is in bridged mode, how does it then interact with the IP of the host machine? Any insight is appreciated!
  11. Hi all, I'm running the following script in NMAP...

      nmap -sS -T2 -P0 -V [IP Address] -D [Decoy IPs, separated by commas]

      ... and I get the following output...

      Nmap version 6.49BETA5 ( https:\\nmap.org )
      Platform: arm-unknown-linux-gnueabihf
      Compiled with: liblua-5.2.3 openssl-1.0.1k libpcre-8.35 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
      Compiled without:
      Available nsock engines: epoll poll select
      (sana)USERNAME@localhost:~$

      ...and that's it. No actual output from nmap is given. Why is this not giving me anything? What have I done incorrectly? Thank you.
  12. Hey guys - When I try to run the nmap scan, I'm not able to configure a log location. I select the "Log - Choose Log Location" from the turtle gui, but I don't go to another screen, it just flashes the same screen. I set up sshfs just fine so I don't clog up the internal storage on the device, so ideally I'd point the nmap to /sshfs. Any ideas? Known bug? Anyone else able to reproduce this? Thanks in advance, telot
  13. Hi everyone, I have a Windows XP system with ZoneAlarm firewall installed. I have 2 Raspberry Pi computers with Nmap installed. I have been attempting to use one RPI to scan the XP system but I am trying to fool ZoneAlarm into thinking the scan came from another address. So I have:

      XP system on 192.168.0.18, ZoneAlarm installed.
      RPI 1 on 192.168.0.13 - set as untrusted on ZoneAlarm
      RPI 2 on 192.168.0.14 - set as trusted on ZoneAlarm

      I ran a decoy scan from RPI 1 to the XP system. I get the results from the scan but ZoneAlarm knows the scan came from 192.168.0.13 and the IP shows up in the log. I then tried a zombie scan from RPI 1 and an error is returned from Nmap saying 'Idle scan is unable to obtain meaningful results from proxy'. I have searched for the error but cannot get any meaningful result. Does the system I am using as the zombie or decoy need certain ports to be opened to allow this type of scan to work? Any help much appreciated.
  14. I'm looking to scan a wifi hotspot that has client side isolation. I've tried nmap --Pn (I think that's the correct command from memory) but nothing, I can only see the firewall and the server. Thanks, Macy
  15. For the full tour of the application, please view http://www.elithecomputerguy.com/ETCGCommunity/index.php?do=/forum/thread/65/aircrack-ngui/. Mods, I am not redirecting to another site for any ad purposes. Merely because you have an image limit. So, the abridged version. My program is a graphical interface to Aircrack-NG, dsniff, and nmap (at least the main part). If you go to "Other Tools", it includes other network/computer security tools that you can use (including Wireshark, MAC Changer, BURP Suite, TOR Network). My overall goal of the application is to be a "swiss army knife" for those learning network security and network professionals alike. Let me know if you can help develop, run quality control, or beta test. It's currently up on BitBucket and you can get the link from http://aircrackngui.blogspot.com. Also, let me know what you think. Good idea, bad idea, done too often, doesn't compete with other suites like it? Thank you for your time.
  16. I ssh into pineapple, tried installing nmap, this is what I get:

      root@Pineapple:~# opkg update
      Downloading http://cloud.wifipineapple.com/packages/Packages.gz.
      Updated list of available packages in /var/opkg-lists/snapshots.
      root@Pineapple:~# opkg install --dest usb nmap
      Unknown package 'nmap'.
      Collected errors:
       * opkg_install_cmd: Cannot install package nmap.

      I'm on v2.7.7. I tried installing through browser UI without success. I'm new to this, plz help
  17. So I just recently got the WiFi Pineapple (Mark IV, upgraded to version 2.7) and have been tinkering with it for the last couple days, but I've run into a few snags that I'm not sure about. First, I've been installing some of the infusions but have run into some trouble with getting some of them (namely, sslstrip and nmap) to work at all. When I visit the page for sslstrip or nmap, it comes up with a box saying that it isn't installed, and when clicking the links for either installing it on the pineapple itself or on the external usb I have, it will show the title of the box go to "Installing..." for a few seconds, then the page will refresh and it will still say that the module isn't installed (I can provide screenshots of this if necessary). I've tried installing both on the pineapple itself (with free space available) and on the external usb where some of my other modules such as randomroll are stored, but no dice either way. Also, I had a question about Karma. When I start it on the Pineapple, on certain devices, like my MacBook, public SSIDs I've been on (such as the local library, coffee shops, etc) are populated in the networks list, but on other devices such as my iPhone and my Ubuntu laptop, SSIDs I have previously been on don't populate (although, on my iPhone, if I add a new, fake SSID such as totallypwned it *will* see that one and will be able to connect to the pineapple through it). Is this normal behavior? Lastly, I had a question about how to go about testing phishing. In the episode about it (https://www.youtube.com/watch?v=3uNdu9TM3HM) Darren is able to put his phishing files in the /www/ folder, but, for me, I don't seem to have enough space to store them there, even without infusions installed. Is there a way to store those files on the external usb? Or do they have to be located in /www/? This would be nice as I would have more space to add even more pages, but I'm not sure if it's at all possible. Thanks for any and all help!

      ~ Alexander

      Here's some additional info if needed:
      Pineapple Hardware Version (ex: Mark III, Mark IV, etc.): Mark IV
      Pineapple Software Version (ex: 2.5.0, 2.6.4): 2.70
      OS used to connect to the pineapple: Backtrack 5 laptop connected to and sharing internet with the pineapple over ethernet
  18. Hi Guys! I want to know what IP number range is used on my network... just want to confirm whether I'm using the right command? nmap 192.168.210.0/24 and if you could also explain how it works... btw thanks in advance. Regards, Ewa
  19. newbiewa

    Exact Os

    Hi Guys... I'm trying to find the OS of my neighbor computer on the network with this command: nmap -O 10.1.10.15 but why can't nmap detect the exact OS??? Just want to know the technical answer. Thanks in advance... Regards, Ewa
  20. Hi, I'm trying to install nmap in the pineapple mark4 with this command in the "Advanced - Execute Commands" (I already installed the module of nmap in the pineapple bar): opkg install --dest usb nmap. Is this right? Because I don't have any response. Thanks!