nmap: what does "state = closed" means - nmap

I am trying nmap command on two remote hosts public ip address
~ % nmap (remote host1 - public ip)
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-23 20:08 EDT
Nmap scan report for openrg (remote host1 - public ip)
Host is up (0.0093s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
443/tcp open https
515/tcp open printer
631/tcp open ipp
4567/tcp open tram
8080/tcp open http-proxy
8443/tcp open https-alt
~ % nmap (remote host2 - public ip)
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-23 20:09 EDT
Nmap scan report for (remote host2 - public ip)
Host is up (0.023s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
445/tcp closed microsoft-ds
8000/tcp open http-alt
8080/tcp closed http-proxy
I am looking for the port 8080
in host1 it shows STATE = open and in host2 it shows STATE = closed
what does http-proxy means here.

nmap tries to tell the type of service (process running) that is listening the port based on well-known services. That means that the service it is running on 8080 is "probably" an http-proxy server. This recognition is based on a database that associates the port number with this service, so it does not guarantee it is an http-proxy indeed, but guess it.
See Nmap Service and Version Detection.
The closed state means that the port is accessible from nmap probe packets but there is no application listening on it. See Nmap Port Scanning Basics

Related

Nessus Nmap script not providing desired results on localhost:8843

I'm running Nessus and I want to perform an Nmap script on it, Nessus are running on the localhost:8843.
When I run Nmap script it gives me nothing just normal scan
Nmap script:
C:\Users\mtaha>nmap --script nessus-brute.nse -p8834 <MY_IP> --unprivileged -Pn
The output:
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-03 22:44 Egypt Standard Time
Nmap scan report for 192.168.189.1
Host is up (0.00s latency).
PORT STATE SERVICE
8834/tcp open nessus-xmlrpc
Nmap done: 1 IP address (1 host up) scanned in 16.85 seconds
I didn't try anything else.

Nmap script error: "ssl_init_helper(): OpenSSL legacy provider failed to load."

I running Nessus on port 8834 and I when I run this Nmap script
nmap --script nessus-brute -p 8834 <MY_IP>
It gave me this output
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-03 10:38 Egypt Standard Time
NSOCK ERROR [0.0460s] ssl_init_helper(): OpenSSL legacy provider failed to load.
Nmap scan report for 192.168.189.1
Host is up (0.00s latency).
PORT STATE SERVICE
8834/tcp open nessus-xmlrpc
Nmap done: 1 IP address (1 host up) scanned in 17.00 seconds
I tried also to put args to the script
nmap --script nessus-brute --script-args userdb='admin',passdb='adminPass' -p 8834 <MY_IP>
And the same output as before.

mDNS (Avahi) working TO RPis but not between them

Avahi/mDNS is running by default on recent versions of Raspian. Great. Very convenient to just ssh pi#mypi.local.
I am doing development on a Mac and operating a local network of headless Raspberry Pis. Up until now, I was able to use mDNS to access the Pis, and the Pis used mDNS to connect to each other.
Today, I shifted the RPis to a private local network by setting them up on a wireless router unconnected to the internet. Once I join the private network, I am still able to access them via mDNS:
% ssh pi#scheduler.local
Linux scheduler 5.10.63-v7l+ #1459 SMP Wed Oct 6 16:41:57 BST 2021 armv7l
Last login: Mon Aug 1 09:07:43 2022
pi#scheduler:~ $
and
wes#macbook % ssh pi#crossing.local
Linux crossing 5.10.17-v7l+ #1414 SMP Fri Apr 30 13:20:47 BST 2021 armv7l
Last login: Mon Aug 1 09:07:46 2022
pi#crossing:~ $
But when they try to access each other, I get some results I don't understand:
pi#scheduler:~ $ ping crossing.local
PING crossing.local (10.0.0.1) 56(84) bytes of data.
From 192.168.0.1 (192.168.0.1) icmp_seq=1 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=2 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=3 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=4 Destination Net Unreachable
Here's what Avahi reports:
pi#scheduler:~ $ service avahi-daemon status
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-08-01 09:07:37 PDT; 41min ago
Main PID: 388 (avahi-daemon)
Status: "avahi-daemon 0.7 starting up."
Tasks: 2 (limit: 1438)
CGroup: /system.slice/avahi-daemon.service
├─388 avahi-daemon: running [scheduler.local]
└─414 avahi-daemon: chroot helper
Aug 01 09:08:08 scheduler avahi-daemon[388]: Leaving mDNS multicast group on interface wlan0.IPv4 with address 169.
Aug 01 09:08:08 scheduler avahi-daemon[388]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.
Aug 01 09:48:29 scheduler avahi-daemon[388]: Files changed, reloading.
Aug 01 09:48:29 scheduler avahi-daemon[388]: No service file found in /etc/avahi/services.
Here's my hosts and hostname files:
pi#scheduler:~ $ cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 scheduler
pi#scheduler:~ $ cat /etc/hostname
scheduler
What does avahi say about it? Let's see:
pi#brs-scheduler:~ $ avahi-resolve --name brs-crossing.local -4
brs-crossing.local 192.168.0.214
pi#brs-scheduler:~ $ ifconfig | grep "inet 192"
inet 192.168.0.109 netmask 255.255.255.0 broadcast 192.168.0.255
pi#brs-scheduler:~ $ ping brs-crossing.local
PING brs-crossing.local (10.0.0.1) 56(84) bytes of data.
From 192.168.0.1 (192.168.0.1) icmp_seq=1 Destination Net Unreachable
So for some reason, on this private network, mDNS is resolving correctly, but ping and ssh don't resolve properly?
What am I missing?
Unsurprisingly, since the pis worked fine on the local net and stopped working on a private net with a new router, it had to do with the configuration of the new router not mDNS.
mDNS was working fine:
pi#scheduler:~ $ avahi-resolve --name crossing.local -4
crossing.local 192.168.0.214
The new router on the private net had two operating modes "router" and "access point." In "router" mode, the router was pushing a DNS nameserver IP to clients which was somehow hosing ping and ssh and other services, despite mDNS working okay.
pi#scheduler:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.0.1
Once the router was placed in "access point" mode, and DHCP was turned on manually, everything worked.
Obscure problem. Obscure solution.

nmap seems to miss ports: doing something wrong?

If I specify a port range and scan for open ports such as the below
range, I get no result, even though ports (per netstat) are clearly
open and listening for web activity in this range:
[me#box ~]$ ./nmap --open -A --script ssl-enum-ciphers.nse,ssl-cert.nse -p [10050-65535] w.x.y.z
Starting Nmap 7.01 at 2016-01-21 16:24 CST
Service detection performed. Please report any incorrect results at http.../submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds
See above: nothing reported!
But if I scan a specific port in that same range (the same way), I get the
result I'd expect:
[me#box ~]$ ./nmap --open -A --script ssl-enum-ciphers.nse,ssl-cert.nse -p 10050 w.x.y.z
Starting Nmap 7.01 ( ) at 2016-01-21 16:24 CST
Nmap scan report for box-name (w.x.y.z)
Host is up (0.00010s latency).
PORT STATE SERVICE VERSION
10050/tcp open http Apache httpd
|_http-server-header: Apache
Service detection performed. Please report any incorrect results at ht.../submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds
What's wrong? Why doesn't it report that port (and some others) in the results
from the first command line? The second command line is the same except it
specifies a specific port that's known to be open (and output proves it is indeed open).
Makes no sense to me. Any advice?
This is nmap 7.01 if it matters.
Also I'm scanning the local box itself with its own specific IP address on which
the https ports are up and listening. (Not a scan of some other remote machine).
Using brackets around the port list means "Only scan ports if they occur in the services file." The nmap-services file that comes with Nmap does not contain a reference to port 10050, so that port is not scanned. In fact, you can see just which ports are scanned by using Grepable output and the -v flag:
$ ./nmap -p [10050-65535] -oG - -v
# Nmap 7.01SVN scan initiated Fri Jan 22 01:59:37 2016 as: ./nmap -p [10050-65535] -oG - -v
# Ports scanned: TCP(1371;10058,10064,10082-10083,10093,10101,10115,10160,10180,10215,10238,10243,10245-10246,10255,10280,10338,10347,10357,10387,10414,10443,10494,10500,10509,10529,10535,10550-10556,10565-10567,10601-10602,10616-10617,10621,10626,10628-10629,10699,10754,10778,10842,10852,10873,10878,10900,11000-11001,11003,11007,11019,11026,11031-11033,11089,11100,11110-11111,11180,11200,11224,11250,11288,11296,11371,11401,11552,11697,11735,11813,11862-11863,11940,11967,12000-12002,12005-12006,12009,12019,12021,12031,12034,12059,12077,12080,12090,12096-12097,12121,12132,12137,12146,12156,12171,12174,12192,12215,12225,12240,12243,12251,12262,12265,12271,12275,12296,12340,12345-12346,12380,12414,12452,12699,12702,12766,12865,12891-12892,12955,12962,13017,13093,13130,13132,13140,13142,13149,13167,13188,13192-13194,13229,13250,13261,13264-13265,13306,13318,13340,13359,13456,13502,13580,13695,13701,13713-13715,13718,13720-13724,13730,13766,13782-13784,13846,13899,14000-14001,14141,14147,14218,14237-14238,14254,14418,14441-14444,14534,14545,14693,14733,14827,14891,14916,15000-15005,15050,15145,15151,15190-15191,15275,15317,15344,15402,15448,15550,15631,15645-15646,15660,15670,15677,15722,15730,15742,15758,15915,16000-16001,16012,16016,16018,16048,16080,16113,16161,16270,16273,16283,16286,16297,16349,16372,16444,16464,16705,16723-16725,16797,16800,16845,16851,16900-16901,16992-16993,17007,17016-17017,17070,17089,17129,17251,17255,17300,17409,17413,17500,17595,17700-17702,17715,17801-17802,17860,17867,17877,17969,17985,17988,17997,18000,18012,18015,18018,18040,18080,18101,18148,18181-18184,18187,18231,18264,18333,18336-18337,18380,18439,18505,18517,18569,18669,18874,18887,18910,18962,18988,19010,19101,19130,19150,19200-19201,19283,19315,19333,19350,19353,19403,19464,19501,19612,19634,19715,19780,19801,19842,19852,19900,19995-19996,20000-20002,20005,20011,20017,20021,20031-20032,20039,20052,20076,20080,20085,20089,20102,20106,20111,20118,20125,20127,20147,20179-20180,20221-20228,20280,20473,20734,20828,20883,20934,20940,20990,21011,21078,21201,21473,21571,21631,21634,21728,21792,21891,21915,22022,22063,22100,22125,22128,22177,22200,22222-22223,22273,22290,22341,22350,22555,22563,22711,22719,22727,22769,22882,22939,22959,22969,23017,23040,23052,23219,23228,23270,23296,23342,23382,23430,23451,23502,23723,23796,23887,23953,24218,24392,24416,24444,24552,24554,24616,24800,24999-25001,25174,25260,25262,25288,25327,25445,25473,25486,25565,25703,25717,25734-25735,25847,26000-26001,26007,26208,26214,26340,26417,26470,26669,26972,27000-27003,27005,27007,27009-27010,27015-27019,27055,27074-27075,27087,27204,27316,27350-27353,27355-27357,27372,27374,27521,27537,27665,27715,27770,28017,28114,28142,28201,28211,28374,28567,28717,28850-28851,28924,28967,29045,29152,29243,29507,29672,29810,29831,30000-30001,30005,30087,30195,30299,30519,30599,30644,30659,30704-30705,30718,30896,30951,31033,31038,31058,31072,31337,31339,31386,31416,31438,31522,31657,31727-31728,32006,32022,32031,32088,32102,32200,32219,32260-32261,32764-32765,32767-32792,32797-32799,32803,32807,32814-32816,32820,32822,32835,32837,32842,32858,32868-32869,32871,32888,32897-32898,32904-32905,32908,32910-32911,32932,32944,32960-32961,32976,33000,33011,33017,33070,33087,33124,33175,33192,33200,33203,33277,33327,33335,33337,33354,33367,33395,33444,33453,33522-33523,33550,33554,33604-33605,33841,33879,33882,33889,33895,33899,34021,34036,34096,34189,34317,34341,34381,34401,34507,34510,34571-34573,34683,34728,34765,34783,34833,34875,35033,35050,35116,35131,35217,35272,35349,35392-35393,35401,35500,35506,35513,35553,35593,35731,35879,35900-35901,35906,35929,35986,36046,36104-36105,36256,36275,36368,36436,36508,36530,36552,36659,36677,36694,36710,36748,36823-36824,36914,36950,36962,36983,37121,37151,37174,37185,37218,37393,37522,37607,37614,37647,37674,37777,37789,37839,37855,38029,38037,38185,38188,38194,38205,38224,38270,38292,38313,38331,38358,38446,38481,38546,38561,38570,38761,38764,38780,38805,38936,39067,39117,39136,39265,39293,39376,39380,39433,39482,39489,39630,39659,39732,39763,39774,39795,39869,39883,39895,39917,40000-40003,40005,40011,40193,40306,40393,40400,40457,40489,40513,40614,40628,40712,40732,40754,40811-40812,40834,40911,40951,41064,41123,41142,41250,41281,41318,41342,41345,41348,41398,41442,41511,41523,41551,41632,41773,41794-41795,41808,42001,42035,42127,42158,42251,42276,42322,42449,42452,42510,42559-42560,42575,42590,42632,42675,42679,42685,42735,42906,42990,43000,43002,43018,43027,43103,43139,43143,43188,43212,43231,43242,43425,43654,43690,43734,43823,43868,44004,44101,44119,44176,44200,44334,44380,44410,44431,44442-44443,44479,44501,44505,44541,44616,44628,44704,44709,44711,44965,44981,45038,45050,45100,45136,45164,45220,45226,45413,45438,45463,45602,45624,45697,45777,45864,45960,46034,46069,46115,46171,46182,46200,46310,46372,46418,46436,46593,46813,46992,46996,47012,47029,47119,47197,47267,47348,47372,47448,47544,47557,47567,47581,47595,47624,47634,47700,47777,47806,47850,47858,47860,47966,47969,48009,48067,48080,48083,48127,48153,48167,48356,48434,48619,48631,48648,48682,48783,48813,48925,48966-48967,48973,49002,49048,49132,49152-49161,49163-49173,49175-49176,49179,49186,49189-49191,49195-49197,49201-49204,49211,49213,49216,49228,49232,49235-49236,49241,49275,49302,49352,49372,49398,49400-49401,49452,49498,49500,49519-49522,49597,49603,49678,49751,49762,49765,49803,49927,49999-50003,50006,50016,50019,50040,50050,50101,50189,50198,50202,50205,50224,50246,50258,50277,50300,50356,50389,50500,50513,50529,50545,50576-50577,50585,50636,50692,50733,50787,50800,50809,50815,50831,50833-50836,50849,50854,50887,50903,50945,50997,51011,51020,51037,51067,51103,51118,51139,51191,51233-51235,51240,51300,51343,51351,51366,51413,51423,51460,51484-51485,51488,51493,51515,51582,51658,51771-51772,51800,51809,51906,51909,51961,51965,52000-52003,52025,52046,52071,52173,52225-52226,52230,52237,52262,52391,52477,52506,52573,52660,52665,52673,52675,52710,52735,52822,52847-52851,52853,52869,52893,52948,53085,53178,53189,53211-53212,53240,53313-53314,53319,53361,53370,53460,53469,53491,53535,53633,53639,53656,53690,53742,53782,53827,53852,53910,53958,54045,54075,54101,54127,54235,54263,54276,54320-54321,54323,54328,54514,54551,54605,54658,54688,54722,54741,54873,54907,54987,54991,55000,55020,55055-55056,55183,55187,55227,55312,55350,55382,55400,55426,55479,55527,55555-55556,55568-55569,55576,55579,55600,55635,55652,55684,55721,55758,55773,55781,55901,55907,55910,55948,56016,56055,56259,56293,56507,56535,56591,56668,56681,56723,56725,56737-56738,56810,56822,56827,56973,56975,57020,57103,57123,57294,57325,57335,57347,57350,57352,57387,57398,57479,57576,57665,57678,57681,57702,57730,57733,57797,57891,57896,57923,57928,57988,57999,58001-58002,58072,58080,58107,58109,58164,58252,58305,58310,58374,58430,58446,58456,58468,58498,58562,58570,58610,58622,58630,58632,58634,58699,58721,58838,58908,58970,58991,59087,59107,59110,59122,59149,59160,59191,59200-59202,59239,59340,59499,59504,59509-59510,59525,59565,59684,59778,59810,59829,59841,59987,60000,60002-60003,60020,60055,60086,60111,60123,60146,60177,60227,60243,60279,60377,60401,60403,60443,60485,60492,60504,60544,60579,60612,60621,60628,60642,60713,60728,60743,60753,60782-60783,60789,60794,60989,61159,61169-61170,61402,61473,61516,61532,61613,61616-61617,61669,61722,61734,61827,61851,61900,61942,62006,62042,62078,62080,62188,62312,62519,62570,62674,62866,63105,63156,63331,63423,63675,63803,64080,64127,64320,64438,64507,64551,64623,64680,64726-64727,64890,65000,65048,65129,65301,65310-65311,65389,65488,65514) UDP(0;) SCTP(0;) PROTOCOLS(0;)
WARNING: No targets were specified, so 0 hosts scanned.
# Nmap done at Fri Jan 22 01:59:37 2016 -- 0 IP addresses (0 hosts up) scanned in 0.10 seconds
That shows 1371 scanned ports out of 55486 in the range you gave. Note that no packets were sent in this command: it's a nice way to see exactly which ports you will scan (like the default 1000, or the top 100 with -F, or some other list with --top-ports).

SSH Tunnelling - Remote Debugging

I can ssh into the server say abc.xyz on port 22 but i can't remote debug it in Eclipse. Here is the additional info :
Server startup arguments -
-Xdebug -Xrunjdwp:transport=dt_socket,address=1234,server=y,suspend=n
Confirmation from logs -
Listening for transport dt_socket at address: 1234
When I telnet on my local system -
local-machine% telnet abc-xyz 1234
Trying xx.xx.xx.xx...
telnet: connect to address xx.xx.xx.xx: Connection timed out
telnet: Unable to connect to remote host: Connection timed out
When I telnet on the server(abc.xyz) -
abc-xyz% telnet localhost 1234
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.
I've tried setting up tunnel via -
ssh -L 1234:localhost:1234 user#abc-xyz
ssh -L 1234:127.0.0.1:1234 user#abc-xyz
I'm attaching debugger in Eclipse with this config -
Connection type - Standard (Socket attach)
Host - localhost
Port - 1234
Can't get Eclipse to attach to 1234.
After setting up SSH Tunnel, if i manually try to connect to the port, i get this response -
local-machine% telnet localhost 1234
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.
and I see an entry in catalina.out as:
channel 4: open failed: connect failed: Connection refused
Any help would be appreciated.
EDIT - 1:
I ran
abc-xyz% ~#
and got the following output:
The following connections are open:
#2 client-session (t4 r0 i0/0 o0/0 fd 7/8 cc -1)
#3 direct-tcpip: listening port 1234 for localhost port 1234, connect from 127.0.0.1 port 23456 (t4 r1 i0/0 o0/0 fd 10/10 cc -1)
I think ssh tunneling is working, it's just the way i'm connecting with Eclipse which is going wrong here.
I just had to increase timeout. (Can be done via Window->Preferences->Java->Debugging. Set it to some appropriate value.)