Questions tagged [nmap]

A robust and open source security tool for network discovery and security auditing.

Nmap ("Network Mapper") uses raw IP packets to determine which hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what types of packet filters/firewalls are in use, and dozens of other characteristics.

Nmap runs on all major computer operating systems, with official binary packages available for Linux, Windows, and Mac OS X, and works equally well in both large network and single-host environments.

In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool that also offers transfer encryption (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).


532 questions
20 votes, 3 answers

What are the security issues of open ports?

What could be the threats of having the ports open, after performing a nmap scan and identifying the open ports? I already searched for some answers for this question, but couldn't find anything specific. Is there any particular issue with each and…
Kulasangar

20 votes, 2 answers

Nmap scan what does STATE=filtered mean?

When I scanned a host for open ports I came across the following result: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 3306/tcp open mysql What does filtered…
Rumesh Madhusanka

18 votes, 1 answer

What does -Pn option mean in nmap?

I am trying to do a nmap scan on a machine in my home network. When I do the regular scan (using nmap 192.168.2.10 or nmap -sP 192.168.2.10), the results say host is down. However, when I use the option -Pn, I get the result saying host is up. What…
TheRookierLearner

16 votes, 2 answers

different results using nmap with/without sudo

What is the reason that after running: $ nmap -sP 192.168.1.0/24 I got 3 results, but running: $ sudo nmap -sP 192.168.1.0/24 shows 7 results. What is the role of using sudo here?
ecandelas

11 votes, 3 answers

Why does an nmap -sT scan show ports filtered but -sS shows ports closed

What are possible reasons why an nmap -sT scan would show "ports filtered" but an identical nmap -sS scan shows "ports closed"? I understand that -sT is a full TCP Connect, which is easier to detect (and to filter) than the -sS half open scan. But…
Kyle

11 votes, 4 answers

Missing scripts in NMAP

I've just installed the latest Kali and updated everything. nmap is version 7.12. I've noticed that smb-check-vulns.nse is not present. As far as I can tell, most other scripts I use are there but I've got an exam coming up and I don't want any bad…
Juicy

10 votes, 2 answers

How does nmap do a zombie and decoy scan?

We're learning nmap in my ethical hacking class. We were shown how we can use nmap to perform a zombie scan: nmap -PN -sI zombieIP targetIP and decoy scan: nmap -p 135 -D decoyIP targetIP I understand what they do, but the lecturer didn't go into…
Juicy

10 votes, 2 answers

Nmap default scan technique

I'm a little bit confused about what is the default scan option for an nmap scan. For example: nmap -A -p 22 Am I performing a SYN scan or TCP connect scan?
Bob

9 votes, 2 answers

Why does NMAP scan list hosts as up?

When running an NMAP scan of my internal network (192.168.1.0/24) from my Mac, NMAP sees all hosts as live. It also believes there is a port 80 http service running on every IP when I do not have 254 hosts configured on my network. Although oddly…
Jay2040

9 votes, 2 answers

How can I see traceroute details in NMAP?

I'm using NMAP for a network scan; the output does not contain the full traceroute details. Can I view all intermediate routers/hosts using the NMAP GUI? A simple VPN connection IP traceroute... Thanks for your answers...
acbd aabcde

9 votes, 4 answers

Nmap scan produces all "unknown"

I scanned both localhost, and the IP address of the LAN adapter, and this is the produced output. Starting Nmap 5.51 ( http://nmap.org ) at 2012-10-12 18:06 Eastern Daylight Time Skipping SYN Stealth Scan against localhost (127.0.0.1) because…
Brendan Beals

8 votes, 5 answers

How can I practice using nmap without scanning some real site or performing computer trespass?

I want to learn nmap and its various options. What can I do or set up in order to see examples of issues found by nmap - e.g., something with security holes on purpose.
TheRookierLearner

7 votes, 0 answers

What is RTTVAR in NMap?

I find a lot of sources explaining how to get rid of the following message: RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 But what exactly is RTTVAR (Round Trip Time Variance)? What is happening here?
Jithin Pavithran

7 votes, 2 answers

Found Unusual Services running on my VPS

I am running a Debian VPS and I did a port scan and found these services 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 593/tcp filtered http-rpc-epmap 1720/tcp filtered H.323/Q.931 6881/tcp filtered…
h00j

6 votes, 2 answers

How do you scan multiple subnets using Nmap?

I'm looking to scan a network with multiple subnets. I'm looking for a way to shorten this to one command rather than entering each subnet. So let's say I'm trying to scan 192.168.1.xx, 192.168.2.xx and so on until 192.168.10.xx. with a specified port.…
sketch54