Jump to content

nmap results question


unconvinced
 Share

Recommended Posts

Hi all,

I scanned a friend's i.p. with zenmap (gui version of nmap) and got the following result:

Port State Service Reason Product Version Extra info

135 tcp open msrpc syn-ack Microsoft Windows RPC

1034 tcp closed zincite-a reset

1038 tcp closed unknown reset

1058 tcp closed nim reset

1071 tcp closed unknown reset

1072 tcp closed unknown reset

1073 tcp closed unknown reset

1074 tcp closed unknown reset

1141 tcp closed unknown reset

1147 tcp closed unknown reset

1900 tcp closed upnp reset

Why did zenmap choose to tell me that those specific ports were closed on this pc, rather than just 'ignoring' closed ports as it does on most scans? Is it likely that these ports have services running on them on occasion but not during my scan, or have these ports been permanently closed? Obviously I was a bit concerned by the mention of 'zincite-a' in case my friend's pc was harboring a backdoor but as I'm very new to this I don't know if those ports are closed by xp's firewall or the AVG free my friend has installed. Any pointers would be appreciated.

Thanks.

Link to comment
Share on other sites

Add the --open option. This will cause nmap to only output open (or possibly open according to man) ports.

Thanks for the swift response Sparda. I don't necessarily wish to hide these ports in the scan results but I was puzzled by their explicit appearance for no reason that was obvious. Should I take it that the listing of zincite & nim isn't something to be worried about?

Thanks again.

Link to comment
Share on other sites

I love it when people say they're doing something to a "friends' [pc/ip/network/router/etc]"

It makes posts like these so much more tolerable.

<rant>

I understand your cynicism and I have no idea what proportion of posts similar to mine are actually genuine; this is one of those possibly rare cases. My concern about zincite etc. was real! If anybody actually gives a fig then I'll happily provide proof that this is indeed the pc of a friend and not one I'm trying to hack. I've scanned the pc's of several friends using the i.p.'s taken from email headers (where possible), purely out of curiosity. My leanings are whitehat not black, which is why I choose this forum.

</rant>

Sparda, thanks once more for the pointers, I'll see what gaps Google can fill.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...