Nmap and Nessus

Printable View

September 24th, 2002, 03:37 PM
Sgt_B

Nmap and Nessus

Running Nessus 1.2.5
Running Nmap v3.0
Scanning FW-1 Server
On RH Linux 7.2.

Here's the question. When I run a Nessus scan on ports 1-1024, its comes back as a dead host. Using TCP scan as well. Great! Makes me happy to see that.

I also run an nmap on the same ports, using TCP scan. It returns right away with:
"Host x.x.x.x appear to be up...good"
"All scanned ports are: filtered"

Why would Nessus see the host as dead, when nmap see's the host is up. How do these two differ when it comes to verifying the server is up or down?

Big confusion for me is that Nessus has nmap in it....

Any ideas?
September 24th, 2002, 03:58 PM
nebulus200

You have to be careful what options you select with nessus. I don't have it in front of me at the moment, but there are several configurable options for the nmap module. One thing that is possible is that you have a ping option selected and the destination may be stopping it. Another possibility is that you were a little overzealous in selecting your options and the result is that nessus thinks the machine isn't up. Either way, check the options.

Neb
September 24th, 2002, 04:48 PM
Sgt_B

There it was....little checkbox that had TCP ping. Oops! Thanks for giving me the much needed smack upside the head. :D
Its not telling me the host is dead anymore, but now there's no report at all. And the nmap output file has nothing in it at all!
I hate it when Nessus returns with a no report.

Thanks for the help!
:D

PS - Tried to give you some greens, but it said I need to spread the love around.