I just installed nmap (never used it before). I want to see which machine on the network is listening to port 1234. How can I do that using the GUI of nmap.
nmap -v -A -p 1234 192.168.1.1-255 This command will scan your entire subnet
The officially supported (and included!) GUI for Nmap is Zenmap. It uses Profiles to choose common options, but the command line is clearly editable, as well. To get started, choose the Regular Scan profile, which removes the extra timing and scan mode arguments. Then, enter your target in the Target box. To scan a local network, you can use CIDR notation (e.g. 10.10.0.0/16) or octet ranges (e.g. 10.10.0-255.0-255).
To scan just one port, use the -p option with the port number. It is usually helpful to specify verbose output, too, with -v. Altogether, your command line will look something like this:
nmap -p 1234 -v 10.10.10.0/24
Then click the Scan button to begin scanning.
This worked for me
nmap -p 1234 -A -v 10.10.*.*
Related
I would like to know if I can obtain ssh version using nmap of my external vps.
nmap -p 22 sV <domainname>
result:
22/tcp filtered ssh
Is there another nmap syntax so I can obtain ssh service version?
Just want to obtain the ssh service version of my external vps.
I tried alot of nmap commands but probably there's a struggle in-between like a firewall, which causes a filtered state. My own network is behind a DrayTek Device. Maybe a possible cause?
Thanks in advance!
The nmap option --badsum is able to provide insight about the existence of a firewall. A non firewall device that runs a full network stack will silently drop a bad checksum. In the case that your scan reaches an end device, you would expect to see the same result as your -sV scan. A firewall may offer a different reply to the --badsum.
The answer to your question regarding version, is that -sV is ideal, however -A may run some scripts that return useful information. You can also run --script=sshv1 or another specific script that is ssh related. More script options are here nmap scripts.
I use nmap in order to test an external embedded device.
Nmap gives different output/results when the port range increase.
For example:
nmap -sT -p 1-10 10.39.123.456
//print all the port's status
nmap -sT -p 1-1000 10.39.123456
//nmap show only the open port
Is possible to avoid this ?
Regards
Nmap hides "uninteresting" port statuses (usually closed and filtered) when there are too many of them; it prints a line like Not shown: 987 closed ports in this case. You can increase the threshold where Nmap decides to collapse uninteresting statuses by increasing the verbosity (-v) or debug (-d) levels. At debug level 3 (-d3), all ports will be shown regardless of state.
You should try this
nmap -sT -p- 10.39.123.456
When I used
nmap -sP IP/24 -v,
nmap scanned for around 5 minutes. Then it reported that all 256 hosts are up.
But when I used
nmap -sP * .* .*.253 -v
it said the host wasn't up.
What's going on here?
You can use nmap -sO -v IP/24.
-sO means IP protocol scan.
You can also see which machines are open in this scan.
I am trying to list a shared folder I have on the desktop of a virtual machine. with these commands:
nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 10.10.10.115
nmap --script smb-enum-shares.nse -p445 10.10.10.115
The combined output is :
Nmap scan report for 10.10.10.115
Host is up (0.00s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
139/tcp open netbios-ssn
137/udp open netbios-ns
MAC Address: 08:00:27:31:DB:FC (Oracle VirtualBox virtual NIC)
This is not the output I am supposed to get referring to this : https://nmap.org/nsedoc/scripts/smb-enum-shares.html
Why is it not listing the shared folder on the desktop ? I have set maximum permission to everyone for the folder.
Thank you !
Guillaume
Seems like a bug in nmap https://github.com/nmap/nmap/issues/704
You can try -d flag to run nmap in debug mode. I see the "SMB: Login as \guest failed (NT_STATUS_ACCOUNT_DISABLED)" error. But other utilites (e.g. softperfect network scanner) works fine without specific permisions on remote machine.
See documentation: smb-enum-shares. Use function add_account in smbauth module
This question is following this one: Sockets working in openSUSE do not work in Debian?
When working with sockets on my Debian system, I have to use nc -l -p port_number to simulate the server I want to talk with. If I'm using nc -l port_number, it will fail when using the socket connect function and strerror(errno) will say "Connection refused".
Netcat without -p option is working great on other Linux distributions, what should I change on my configuration?
Do not adjust your set. There are multiple implementations of netcat out there; not all of them behave the same.
In particular, the "traditional" version of netcat, which is probably what you have installed on your Debian system, will end up doing something totally unexpected if you omit the -p ("port") flag: it will end up treating the last argument as a hostname, pass it to inet_aton(), which will convert it to a nonsensical IP address (e.g, 1234 will become 0.0.4.210), and will then proceed to ignore that IP address and listen on a socket with an automatically assigned (probably random) port number.
This behavior is obviously silly, so some other implementations of netcat will assume you meant -p. The one you're using doesn't, though, so pass the -p option.
I agree with duskwuff that it is better to just use the -p option everywhere, but to answer your question:
The one thing you have to do is install a netcat that supports the syntax you want. I know the netcat-openbsd package supports it. I know the netcat-traditional package does not. There's also a netcat6 package, which also doesn't. You can then explicitly request the OpenBSD version of netcat like so:
nc.openbsd -l 4242
Optionally you may use the alternatives system to set this version of netcat to run when you issue the nc command:
update-alternatives --set nc /bin/nc.openbsd
This will be done automatically for you if this is the only netcat you've installed.
Finally, you may, again optionally, remove the netcat you don't like (netcat-traditional or netcat6).