What are the ports that -F option in nmap probe? - nmap

I searched the nmap book but I couldn't find the list of ports probed with the -F option. Can anyone help me with this information?

You can get the complete list of ports from Nmap by running it in verbose Grepable output mode without any targets:
$ nmap -F -v -oG -
# Nmap 7.70 scan initiated Tue May 7 15:02:23 2019 as: ./nmap -F -v -oG -
# Ports scanned: TCP(100;7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157) UDP(0;) SCTP(0;) PROTOCOLS(0;)
WARNING: No targets were specified, so 0 hosts scanned.
# Nmap done at Tue May 7 15:02:23 2019 -- 0 IP addresses (0 hosts up) scanned in 0.03 seconds
Note the line that says "Ports scanned:" which lists 100 TCP ports starting with 7, 9, and 13 and ending with the range 49152-49157.

Related

Nmap -oG Scan ( No targets were specified, so 0 hosts scanned)

nmap scanme.nmap.org works fine. I see the SSH 22 Port open etc...
But whenever I want to scan my own IP Address (ifconfig, eth0 Inet Address) - I get that 0 hosts scanned notif.
The command I use is:
nmap -oG "x.x.x.0-255" -vv > /Desktop/test.txt
I get 0 results.
The -oG option requires you to specify an output file. Try one of the following:
nmap "x.x.x.0-255" -vv -oG /Desktop/test.txt
nmap -oG - "x.x.x.0-255" -vv > /Desktop/test.txt

Rotating per packets receiving by TCPDUMP

How can I use 'tcpdump' command to capture and save each received packets to separate files (having rotatation per packet without losing any packets).
How about saving dump to a file and then splitting that to separate files?
$ sudo tcpdump -c 10 -w mycap.pcap
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Packet Tap), capture size 65535 bytes
10 packets captured
you'll need to have wireshark installed for this to work (e.g. with brew install wireshark on Mac or apt-get on Ubuntu)
$ editcap -c 1 mycap.pcap output.pcap
10 packets captured -> 10 files created
$ ls -la output* | wc -l
10

vnstat not updating on certain interfaces

vnstat is updating only one interface every five minutes. I have to use
vnstat -u
to manually update the rest of interfaces. All interfaces are already enabled, but only one interface is updating every 5 minutes.
Check which user the vnstat daemon is running as using ps aux | grep [v]nstat.
I recently had the same problem and after priming the database with
vnstat -u -i eth0 as root the vnstat process couldn't write to the /var/lib/vnstat/eth0
file as it was running as user "vnstat".
If vnstat is running as user "vnstat" ensure that it has permission to write to /var/lib/vnstat/eth0.
When you add the interface for eth0 or ppp0 or whatever, make sure you do it as the vnstat user. ie
sudo -u vnstat vnstat -i ppp0 -u
If you run this as root first you are will have problems even if you chmod the file in /var/lib/vnstat. This is due to the creation of a back file called .ppp0 which you might miss if you are not looking for it. There will be an error in syslog saying that the backup file cannot be written.
So I was having a similar problem where i was getting the following:
$ vnstat -i eno1
eno1: not enough data available yet
I also tried every other command while pointing to eno1. I would sometimes even get:
Error: Unable to create database backup "/var/lib/vnstat/.eno1"
OR
Segmentation fault (core dumped)
I tried reinstalling, and everything else under the sun.
Following Andrew's answer to the 't' returned:
Error: Unable to open database "/var/lib/vnstat/eno1" for writing: Permission denied
so instead I did the following, but I'm not sure which one of these commands did the trick.
$ sudo vnstat -i eno1 -u
$ sudo vnstat -u -i eno1
Then I checked to see if the interface was working again:
$ sudo vnstat -i eno1
which returned:
>
Database updated: Wed Dec 5 10:17:37 2018
(eno1) since 1969-12-31
rx: 2 KiB tx: 1 KiB total: 3 KiB
monthly
rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
Dec '69 2 KiB | 1 KiB | 3 KiB | 0.00 kbit/s
------------------------+-------------+-------------+---------------
estimated -- | -- | -- |
daily
rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
today 2 KiB | 1 KiB | 3 KiB | 0.00 kbit/s
------------------------+-------------+-------------+---------------
estimated -- | -- | -- |
Now its finally able to read and write to eno1 log. I noticed this problem since conky was not showing up any stats reports on today && Month && total. I wasn't expecting anything under month, but after a couple days I was expecting something under hours.
I realise the rest will take a while to populate with data. But now I know for sure it is working. Also, my conky app is finally displaying the information.
However, prior to this solution, I had already chmod the file.
Additional info for newbies such as myself:
- make sure to check which interface you are using, I often see solutions for eth0 and others that do not appear when using "$ ifconfig". Enter:
$ ifconfig
and you should see on the left hand side of the results the interface name. Mine are, eno1, lo, and wlo1.
next to the label: "Link encap:" it should say if it is wireless, ethernet, or local loopback
lo is the local loopback a.k.a localhost/127.0.0.1
What I am not sure of, in my case, is the difference between eno1 and wlo1. they both say "Ethernet". I wonder if doesn't have something to do with my direct wifi printer.

How to get the IP address used by a Parallels VM from the host?

Parallels has a command line API which is documented here
>prlctl list
UUID STATUS IP_ADDR NAME
{ca50aac6-caa6-47a6-9bfe-e38f6261cb8d} running - win7
Still, even with this the IP_ADDR reported is always empty, even if the machine is running as has an internet connection.
How can I find the IP of the machine from the guest? I need a way to connect to the guest, by using a domain name or an IP.
If it's a Windows VM, you can get the IP with the following command from the host:
prlctl exec "VM Name" ipconfig | grep "IPv4" | grep -o '\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}'
For a *nix VM:
prlctl exec "VM Name" ifconfig eth1 | grep "inet " | grep -o 'addr:\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}' | grep -o '\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}'
if you want to access the machine using SSH there is a built in command that can help with this.
prlctl enter <VM_ID|VM_NAME>
This will open a prompt as root to the VM
if you want the IP for any other reason there is another way to get it
prlctl exec <VM_ID|VM_NAME> ifconfig
The exec command from prlctl will execute the ifconfig command on the host linux machine (if using windows do ipconfig instead of ifconfig)
All the output of the ifconfig will be printed on your terminal and the ip will be clearly visible in the output
I stumbled upon this today and found it questionable that the list command shows an IP_ADDR but never the IP. I checked the most recent docs for the prlctl command and its states:
-f, --full
Shows the real IP address(es) for running virtual machines.
Providing this flag displays the IP addresses for me
prlctl list -f

How to make sure a xen DomU is HVM or PV

i used virt-install to create a DomU image, but i cannot make sure the DomU created is a HVM or a PV.....anyone has any ideas?
On Citrix XenServer 6.2, looking at all the parameters of the VM you'll see refferences to PV or HVM:
# xe vm-list name-label=myVM params=all|grep PV-[kd]
PV-kernel ( RW):
PV-drivers-version (MRO): major: 6; minor: 2; micro: 0; build: 70442
PV-drivers-up-to-date ( RO): true
It turns out, in case of a linux VM, you can see if its PV:
[myVM]$ dmesg | egrep "Booting|Xen ver"
Booting paravirtualized kernel on Xen
Xen version: 4.1.5 (preserve-AD)
I'm not quite sure why PV-kernel does not reflect this. For more details see
determine-which-guest-is-running-on-xen-hvm-or-pv-guest and
is-there-an-os-command-i-can-run-to-determine-if-running-inside-a-xen-based-virt.
Run
virsh edit VM_NAME
Then look for the element inside the element. If the value is linux is PVM.
If your Dom0 is a linux machine , can you please check the output of command "ps -eaf | grep qemu" ? It should state the type of guest running on it (in case it is xen hypervisor that is being used).
The output corresponding to pv guest machine will end with "-M xenpv" and output corresponding to hvm/pvhvm guest machines should end with "-M xenfv". This is what i find in my case.
# ps -eaf | grep qemu
/usr/lib/xen/bin/qemu-dm -d 419 -serial pty -domain-name pvm_guest -videoram 4 -vnc 0.0.0.0:0 -vncunused -M xenpv
/usr/lib/xen/bin/qemu-dm -d 429 -domain-name hvm_guest -videoram 4 -k en-us -vnc 0.0.0.0:0 -vncunused -vcpus 1 -vcpu_avail 0x1 -boot c -serial pty -acpi -net nic,vlan=1,macaddr=00:16:3e:40:94:4f,model=rtl8139 -net tap,vlan=1,ifname=tap429.0,bridge=br0 -M xenfv