3

scanned my IP number with nmap and I got all "unknown" status ports.

What does that mean?

officier
  • 41
  • 1
  • 3
  • Have you done any research on this yourself? I imagine a quick search on Google would answer this question. Failing that, a search here of previous questions will certainly answer this. – Chris Murray Nov 28 '14 at 12:11
  • Not enough information are given to answer this common answer. –  Nov 28 '14 at 12:17
  • 1
    Yeap I researched. but I couldnt find any information on how unknown status would be used by crackers as a way of hacking. – officier Nov 28 '14 at 12:18
  • Are you using Windows nmap? – Jonathan Nov 28 '14 at 12:45
  • Appreciate the question, its the first one that came up on duckduckgo, glad to know there are others as well. What I am curious about is why some of my Windows 10 machines result in unknown status for every port, while local scans on other Windows 10 machines do not. Seems like it is spoofing itself sometimes and other times not. Whats going on there? – Tyler Feb 22 '19 at 21:16
  • Looks like I have figured out the culprit, this results when the npcap service & certain drivers fails to install, the npcap loopback interface then fails to install, resulting in problems such as this. My driver finally succeeded installing after temporarily disabling group policy Admin Templates\System\Device Installation\Device Installation Restrictions\Prevent Installation of devices using drivers that match these device setup classes\ (show) {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – Tyler Feb 22 '19 at 22:58

1 Answers1

4

The "unknown" port status doesn't come up very much, but it can happen when you try to scan your own IP (or 127.0.0.1) on Windows. This is because Windows does not have raw socket support, so Nmap's SYN scan packets have to be crafted at the Ethernet level. This just doesn't make sense for a localhost connection, and there's no way to do it.

To get valid results, you should add -sT to your command line. This selects Nmap's TCP Connect scan, which will succeed. Alternatively, if all you need is a list of open ports, the netstat utility will give you exactly what you need.

bonsaiviking
  • 11,666
  • 1
  • 29
  • 50
  • I found personally this "unknown port" issue occurred only on one windows machine, the other it did not because npcap installed properly on the working machine. The non working machine failed to install npcaps LWF driver which resulted in the npcap service and loopback adapter not installing. When I finally got this to install there were NO MORE UNKNOWN PORTS appearing on the scan! The only thing that allowed the driver to install properly I will post in the next comment due to space limitations. – Tyler Feb 24 '19 at 01:41
  • 1
    I had to disable group policy Admin Templates\System\Device Installation\Device Installation Restrictions\Prevent Installation of devices using drivers that match these device setup classes\ (show) {D48179BE-EC20-11D1-B6B8-00C04FA372A7}. The only other policy and or setting I had changed was setting group policy enabled `"Boot-Start Driver Initialization Policy" to "Good only". I recommend testing one at a time and posting your results. I am 99% sure it was the first one, but these are the only two settings that I had changed to allow this driver to install properly. – Tyler Feb 24 '19 at 01:42