-
August 15th, 2004, 08:35 PM
#1
Nmap-3.55 scanning
All of the websites I've scanned with Nmap-3.55 tell me that the "host seems down", and if it is blocking ping probes to try "-P0" instead. If I was scanning for example:
c:\Program Files\nmap-3.55>nmap -A -T4 xxxxxx.com
and it came up with that, what would I replace with the -P0, the -A or the -T4?
Also, do you know of any sites which support being scanned for newbies, cause I scanned scanme.insecure.org and it also said the "host seems down".
J_K9
-
August 15th, 2004, 09:04 PM
#2
All of the websites I've scanned with Nmap-3.55 tell me that the "host seems down",
The way you put that it sounds like you are picking websites at random..... While most admins will ignore you some are a little jittery and may report you to your ISP who may decide you are in breach of their AUP and cut your access..... 'nuff said?
Just add the -P0 to the command line. It's a simple "do or don't" switch that IIRC isn't reliant on any other switch. NMap will ping by default so unless you specify "don't" then it will assume that the host itself is down if the ping is blocked by a firewall and stop operation.
Further "warning".... NMap pings, along with a lot of the types of scans it uses are becoming more "noticeable" by IDS' which makes it harder to use from a single location or on an idle host scan for example than it used to be.....
You will be noticed by competent admins.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
August 15th, 2004, 09:07 PM
#3
Search this forum, section security tutorials, for some really good tutorials on nmap scanning by thehorse13.
They should tell you practically all there is about nmap.
Cheers,
http://www.antionline.com/search.php...der=descending
-
August 15th, 2004, 09:14 PM
#4
I've downloaded nmap-3.50 instead because I read threads on it restarting the subject computer, but when I do the same command and include -P0 the result doesn't come back. It just hangs... This is scanning "scanme.insecure.org".
-
August 15th, 2004, 09:31 PM
#5
You need to have a little patience with NMap.... It doesn't just pop up immediately and say "Hah, WinXP, build x.xxx.xx with these ports open". It takes its time unless you set the timing to insane..... even then it isn't like a racehorse.... It can still take several minutes.
-
August 15th, 2004, 09:42 PM
#6
Oh, thanks, I've managed to get it working on the command "nmap -v -P0 scanme.insecure.org".
Thanks for all your help!!
-
August 15th, 2004, 09:48 PM
#7
Ok, it's not where I thought it was going! Now it really is hanging after "Initiating SYN Stealth Scan". I'll wait for another 10 mins and see how it goes...
J_K9
-
August 15th, 2004, 09:54 PM
#8
NMap isn't "chatty" even in very verbose mode..... patience my boy, patience...
-
August 15th, 2004, 10:06 PM
#9
For those who are wondering what this -A business is, it is merely version scan using the new switch. It is the same as using -sV -O but instead, -A wraps both commands into one switch.
Also, NMAP running on an XP SP2 machine will do shitty things now that raw socket support is gone. There are two switches that can be used to possibly get it working. One is -P0 and the other is to tell it not to use raw sockets (haven't used that switch in a dog's age. It's something like -no win_raw_sock).
One more thing, running NMAP from behind a SOHO NAT router such as a linksys BEFSR41 generally produces baaaad results. Try something on your local LAN segment first just to see if your NMAP command is producing what you expect to see.
Anyway, FWIW.
--TheHorse13
EDIT: btw, setting the timing to 4 is like running a bull through a china shop. Even a n00b admin will see an aggressive NMAP scan.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 15th, 2004, 10:20 PM
#10
Thanks TH13 for the info, but I am not connected to any network. Just dialup connection. Also, what is the quickest way to find out the IP address of your own computer?
Oh, BTW, nmap is STILL initiating SYN Stealth Scan on scanme.insecure.org