Why the results of nmap "-sT" and "-sS" are different - nmap

When I use
sudo nmap -sS "IP"
only 10 ports are open.
But when I use
sudo nmap -sT "IP"
all ports are open.
I don't know why. Can someone help me? Thank you!

nmap -sS is a stealth scan, while nmap with -sT is a TCP connect scan.
A stealth scan means that nmap sends a SYN to the target machine, the target machine replies to the system with ACK and SYN, and then the host machine sends a message which terminates the connection; during this process nmap scans for the open ports. A TCP connect scan, by contrast, does the complete 3-way handshake with the target machine, which makes it slower than a stealth scan and also very noisy, so the target machine can detect that it is being scanned.
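
How the two scan types described in the answer above look from the target's side, as an added example that is not part of the original answer: it classifies TCP flows by their flag sequence, so a defender can tell half-open probes (SYN, SYN-ACK, reset) from completed handshakes. The packet records, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sensor records (not a real capture), one tuple per packet:
# (client_ip, client_port, server_port, direction, flags); "in" = to server.
PACKETS = [
    ("198.51.100.7", 40001, 22, "in", "S"),
    ("198.51.100.7", 40001, 22, "out", "SA"),
    ("198.51.100.7", 40001, 22, "in", "R"),    # reset instead of final ACK
    ("198.51.100.7", 40002, 23, "in", "S"),
    ("198.51.100.7", 40002, 23, "out", "RA"),  # nothing listening
    ("203.0.113.9", 51000, 22, "in", "S"),
    ("203.0.113.9", 51000, 22, "out", "SA"),
    ("203.0.113.9", 51000, 22, "in", "A"),     # handshake completed
    ("203.0.113.9", 51000, 22, "in", "RA"),    # then torn down
    ("203.0.113.9", 51001, 8080, "in", "S"),   # SYN never answered
]

def classify_flow(events):
    """Classify one flow from its ordered (direction, flags) events."""
    if not events or events[0] != ("in", "S"):
        return "not-a-new-connection"
    if len(events) == 1:
        return "no-reply"              # SYN dropped, e.g. by a filter
    direction, flags = events[1]
    if direction == "out" and "R" in flags:
        return "closed"                # server refused with RST
    if (direction, flags) != ("out", "SA"):
        return "unexpected"
    if len(events) == 2:
        return "half-open"             # SYN-ACK left unanswered
    direction, flags = events[2]
    if direction == "in" and "R" in flags:
        return "half-open"             # SYN, SYN-ACK, RST
    if direction == "in" and "A" in flags:
        return "full-connect"          # SYN, SYN-ACK, ACK
    return "unexpected"

def summarize(packets):
    flows = defaultdict(list)
    for cip, cport, sport, direction, flags in packets:
        flows[(cip, cport, sport)].append((direction, flags))
    report = defaultdict(lambda: defaultdict(int))
    for (cip, _cport, _sport), events in flows.items():
        report[cip][classify_flow(events)] += 1
    return {ip: dict(counts) for ip, counts in report.items()}

if __name__ == "__main__":
    for ip, counts in summarize(PACKETS).items():
        print(ip, counts)
```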

Related

How can I check a socket from a webserver?

I'm doing a challenge (CTF style) and everything we got is an IP.
Scanning that IP, only one port is open.
If I connect to that IP and port using netcat, I get a kind of "dance" going on in CMD, with a message at the end that says "Check socket 12345".
I need to understand again what a socket truly is, because I'm not getting anywhere trying to connect to that socket.
Is it possible to connect to a socket from a specific port? Or can I only make a connection from an open port, and from there the web server redirects my connection automatically to a socket?

You can use netcat nc and its -p option to set the source port.
The netcat man page says:
-p port
local port number (port numbers can be individual or ranges: lo-hi [inclusive])
Try "nc -p 12345 dest_IP dest_port"

Allow traffic on port / ubuntu

I've been going crazy over this problem for over a week now.
I have a Raspberry Pi (Raspbian lite) directly connected with an ethernet cable to my laptop (Ubuntu), and I want to communicate with my application (running on the pi) over a TCP socket. My laptop has the IP address 10.42.0.1, the pi has the IP address 10.42.0.241, and I want to send data from the laptop to the pi on port 3000. I'm able to log into the pi over ssh (ssh pi@10.42.0.241), and I'm able to ping the IP address (ping 10.42.0.241 has a positive result).
To test if the port is open and I can send data from my laptop to the pi, I did on my laptop
$ nc -vl 10.42.0.241 3000
But I got the error
nc: Cannot assign requested address
I understood that I have to open the port on my laptop and on the pi, so I did on my laptop
$ sudo iptables -A OUTPUT -p tcp --dport 3000 -j ACCEPT
and on the pi
$ sudo iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
and I got an entry in my iptables (on my laptop in the chain OUTPUT, and on the pi in the chain INPUT) with the following entries
target = ACCEPT; prot = tcp; opt = --; source = anywhere; destination = anywhere; tcp dpt:3000
but the error message stays the same. I can see that there is nothing else blocking the port, because I can do on my laptop (remember, the laptop IP is 10.42.0.1)
$ nc -vl 10.42.0.1 3000
and then in another terminal
$ nc -v 10.42.0.1 3000
which is basically a localhost connection - this is working perfectly.
How do I get this working with the pi? Any help is so much appreciated!
I also played around with ufw and some ip-routes, but nothing has helped.
Thanks a lot!
Mario

Redirecting filtered requests to second web server

What I want to do is set up two web servers. One will simply deliver normal content to people that request it, and one will put minimal strain on the system and strictly deliver an access-denied type of message for hackers.
I looked at http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/ for ideas on how to create this redirection based on a bad IP address, and it's suggesting:
iptables -t nat -A PREROUTING --src <source address> -p tcp --dport <new server port number> -j REDIRECT --to-port <new server port number>
I then tested that theory by trying the following on a computer without internet but with apache server running on port 80 and nothing on port 81:
iptables -t nat -A PREROUTING --src 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-port 81
I then typed in 127.0.0.1 in my web browser and received the same apache response as usual. Instead, I expected a browser message that it could not connect to the remote server.
How do I adjust the iptables command to make computers from the IPs listed in --src redirect from 127.0.0.1 port 80 to 127.0.0.1 port 81?
I understand I can use apache or php and even apache modules and all that for the redirection, but I'm trying to use the least system-intensive approach and I want hackers to have the least amount of system resources available to them so that real visitors can enjoy a quality website. However, I want them to be able to see a message, because if a real person gets blocked by accident then at least they can understand what's going on from an error message instead of a connection drop.

Packets on the loopback interface (127.0.0.0/8) don't pass through the NAT tables. Try using an external computer for the test.

Opensips is listening on port 5060, but Nmap shows 5060 is closed, Opensips can't receive REGISTER

I have Opensips on an Ubuntu Cloud Server, and it is listening on port 5060.
sudo netstat -lpn | grep opensips
tcp 0 0 42.123.76.60:5060 0.0.0.0:* LISTEN 5177/opensips
udp 0 0 42.123.76.60:5060 0.0.0.0:* 5177/opensips
But when I test from the remote PC client with tools, it shows that 5060 was closed:
nmap -p5060 42.123.76.60
PORT STATE SERVICE
5060/tcp closed sip
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
I am wondering whether this will result in nothing being received from SIP clients.
Jitsi on my PC sent REGISTER; meanwhile, the remote Opensips got nothing.
Thanks for your attention, I really appreciate your help!

Have you implemented any firewall? Try "iptables -F"

I am unable to setup remote debugging for my Tomcat 6 web app on Ubuntu 12.04, can anyone help me?

I am unable to setup remote debugging for my Tomcat 6 web app on Ubuntu 12.04.
I have tried the solutions offered in the following related question:
Remote debugging Tomcat with Eclipse
The highest ranked solution says I should open catalina.sh and change the JPDA_OPTS variable to:
JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
Then start tomcat using jpda:
catalina.sh jpda start
I checked my app at localhost, port 8000 and got an 'Unable to connect error'.
The next best solution was:
In catalina.bat file please modify the below.
Step 1: CATALINA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
Step 2: JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
Step 3: Run Tomcat from command prompt like below: catalina.sh jpda start
When I checked localhost, port 8000 I got the same 'Unable to connect error'.
Attempting to connect to the tomcat debugger through Eclipse after both of these
attempts gave me an error:
Failed to connect to remote VM. Connection refused.
Connection refused
This made me think that port 8000 might be closed so I ran an nmap command to show
which ports on my 'localhost' were open. It returned the following:
ryan@ryan-K53E:~$ nmap -v localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2013-04-15 22:12 BST
Initiating Ping Scan at 22:12
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 22:12, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 22:12
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 8080/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed Connect Scan at 22:12, 0.02s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00028s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
8080/tcp open http-proxy
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
This looks to confirm that port 8000 is closed so I defined 'tomcat-debug' as a service in the
'/etc/services' file like so:
tomcat-debug 8000/tcp # Remote tomcat debugging
Then tried to open port 8000 with iptables using the following command:
sudo iptables -A INPUT -p tcp --dport tomcat-debug -j ACCEPT
This doesn't seem to have made a difference as nmap is still showing the same list of open ports as
before. Any help here would be greatly appreciated.

Before checking if port 8000 is reachable from outside (your test with nmap), have you tried to check if Tomcat is listening on port 8000?
I'd use sudo netstat -pnl | grep 8000 to get a list of all processes listening on a port and filter this list for lines containing 8000.
You should receive something like this:
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 14236/java
This line tells you that the process java (pid 14236) is listening for TCP on localhost (127.0.0.1) port 8000.
You should check that your Tomcat process is listening on an external address if you want to connect to it from outside.
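
The check described in the answer above, as an added example that is not part of the original answer: it parses listening-socket lines in the netstat -lpn layout and reports which address each service is bound to. The function names are illustrative, and the last sample line is constructed; the other three are the netstat lines quoted on this page.

```python
import ipaddress

# Socket lines in `netstat -lpn` layout. The first three are quoted on this
# page; the last one is constructed to show a wildcard bind.
NETSTAT = """\
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 14236/java
tcp 0 0 42.123.76.60:5060 0.0.0.0:* LISTEN 5177/opensips
udp 0 0 42.123.76.60:5060 0.0.0.0:* 5177/opensips
tcp6 0 0 :::8080 :::* LISTEN 900/java
"""

def bind_scope(addr):
    """Say who can reach a socket bound to addr, before any firewall rule."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:              # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                 # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"

def parse_listeners(text):
    """Return a dict per listening TCP socket or bound UDP socket."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue                   # header or unrelated line
        if f[0].startswith("tcp") and f[5] != "LISTEN":
            continue                   # established connection, not a listener
        addr, _, port = f[3].rpartition(":")   # rpartition keeps IPv6 colons
        found.append({"proto": f[0], "addr": addr, "port": int(port),
                      "scope": bind_scope(addr), "process": f[-1]})
    return found

def listeners_on(text, port):
    """Empty result means nothing is bound to the port, and no iptables
    ACCEPT rule will make it show as open."""
    return [s for s in parse_listeners(text) if s["port"] == port]

if __name__ == "__main__":
    for s in parse_listeners(NETSTAT):
        print(f'{s["proto"]:5} {s["addr"]}:{s["port"]} {s["scope"]} {s["process"]}')
```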