Nmap-3.55 scanning

Thread: Nmap-3.55 scanning

  1. #1
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548

    Question Nmap-3.55 scanning

    All of the websites I've scanned with Nmap-3.55 tell me that the "host seems down", and if it is blocking ping probes to try "-P0" instead. If I was scanning for example:

    c:\Program Files\nmap-3.55>nmap -A -T4 xxxxxx.com

    and it came up with that, what would I replace with the -P0, the -A or the -T4?

    Also, do you know of any sites which support being scanned for newbies, cause I scanned scanme.insecure.org and it also said the "host seems down".


    J_K9
    TAZForum <---- click

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    All of the websites I've scanned with Nmap-3.55 tell me that the "host seems down",
    The way you put that it sounds like you are picking websites at random..... While most admins will ignore you some are a little jittery and may report you to your ISP who may decide you are in breach of their AUP and cut your access..... 'nuff said?

    Just add the -P0 to the command line. It's a simple "do or don't" switch that IIRC isn't reliant on any other switch. NMap will ping by default so unless you specify "don't" then it will assume that the host itself is down if the ping is blocked by a firewall and stop operation.

    Further "warning".... NMap pings, along with a lot of the types of scans it uses, are becoming more "noticeable" by IDS' which makes it harder to use from a single location or on an idle host scan for example than it used to be.....

    You will be noticed by competent admins.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Search this forum , section security tutorials, for some really good tutorials on nmap scanning by thehorse13.
    They should tell you practically all there is about nmap.

    Cheers,

    http://www.antionline.com/search.php...der=descending
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  4. #4
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    I've downloaded nmap-3.50 instead because I read threads on it restarting the subject computer, but when I do the same command and include -P0 the result doesn't come back. It just hangs... This is scanning "scanme.insecure.org".
    TAZForum <---- click

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    You need to have a little patience with NMap.... It doesn't just pop up immediately and say "Hah, WinXP, build x.xxx.xx with these ports open". It takes its time unless you set the timing to insane..... even then it isn't like a racehorse.... It can still take several minutes.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Oh, thanks, I've managed to get it working on the command "nmap -v -P0 scanme.insecure.org".

    Thanks for all your help!!
    TAZForum <---- click

  7. #7
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Ok, it's not where I thought it was going! Now it really is hanging after "Initiating SYN Stealth Scan". I'll wait for another 10 mins and see how it goes...

    J_K9
    TAZForum <---- click

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    NMap isn't "chatty" even in very verbose mode..... patience my boy, patience...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    For those who are wondering what this -A business is, it is merely version scan using the new switch. It is the same as using -sV -O but instead, -A wraps both commands into one switch.


    Also, NMAP running on an XP SP2 machine will do shitty things now that raw socket support is gone. There are two switches that can be used to possibly get it working. One is -P0 and the other is to tell it not to use raw sockets (haven't used that switch in a dog's age. it's something like -no win_raw_sock).

    One more thing, running NMAP from behind a SOHO NAT router such as a linksys BEFSR41 generally produces baaaad results. Try something on your local LAN segment first just to see if your NMAP command is producing what you expect to see.

    Anyway, FWIW.

    --TheHorse13

    EDIT: btw, setting the timing to 4 is like running a bull through a china shop. Even a n00b admin will see an aggressive NMAP scan.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
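    Two posts above say that an aggressive scan "will be noticed by competent admins" and that "even a n00b admin will see an aggressive NMAP scan". The following is an added example, not from this thread or from the Nmap project, showing the admin's side of that: a small parser for iptables-style kernel log lines that flags any source hitting many distinct TCP ports on one host within a few seconds, which is the signature a SYN scan leaves. The log lines, address values, the 10-second window and the 5-port threshold are all constructed assumptions for illustration.

```python
"""
Added example (not part of the original thread): detect the burst of SYNs to
many distinct ports that a port scan leaves in a firewall log. Log lines,
addresses, window and threshold below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic): 192.0.2.10 probes eight ports
# within three seconds; 192.0.2.77 makes two ordinary connections to port 80.
SAMPLE_LOG = """\
Jul 12 10:00:01 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:01 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:01 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:02 fw kernel: IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 12 10:00:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40005 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:03 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40006 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:03 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40007 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:03 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40008 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 10:00:09 fw kernel: IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
"""

# Only TCP lines carrying the SYN flag are of interest; everything else is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>\S+) .*?DST=(?P<dst>\S+) "
    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?\bSYN\b"
)


def parse_events(text, year=2004):
    """Turn log text into (timestamp, src, dst, dport) tuples.
    Syslog lines carry no year, so one is supplied (assumption)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def find_scanners(events, window_seconds=10, min_ports=5):
    """Return {src: sorted distinct ports} for every source that sent SYNs to
    at least min_ports distinct ports on one destination within window_seconds.
    Thresholds are assumptions; tune them to the site's normal traffic."""
    hits_by_pair = defaultdict(list)
    for ts, src, dst, dpt in sorted(events):
        hits_by_pair[(src, dst)].append((ts, dpt))

    flagged = {}
    for (src, dst), hits in hits_by_pair.items():
        # Slide a window over the time-ordered hits for this src/dst pair.
        for i, (start, _) in enumerate(hits):
            ports = {
                dpt for ts, dpt in hits[i:]
                if (ts - start).total_seconds() <= window_seconds
            }
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    for src, ports in find_scanners(parse_events(SAMPLE_LOG)).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

Run stand-alone it reports the constructed scanner and stays silent about the host that only talked to port 80. The window-and-threshold design is deliberately simple: slowing a scan down with a lower timing template stretches the SYNs across a longer interval, which is exactly why a real IDS keeps per-source state for far longer than ten seconds and why "patience" on the scanner's side does not make the traffic invisible.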

  10. #10
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Thanks TH13 for the info, but I am not connected to any network. Just dialup connection. Also, what is the quickest way to find out the IP address of your own computer?

    Oh, BTW, nmap is STILL initiating SYN Stealth Scan on scanme.insecure.org
    TAZForum <---- click
