Quote:
Originally Posted by fukawi1
Did you try using -PN?
|
Thanks for this tip. I just tried it and NMAP responds that all "All 1000 scanned ports on 192.168.1.3 are filtered"
Code:
androideve@ubuntu10:~$ nmap -PN 192.168.1.3
Starting Nmap 5.00 ( http://nmap.org ) at 2011-11-16 09:20 EST
All 1000 scanned ports on 192.168.1.3 are filtered
Nmap done: 1 IP address (1 host up) scanned in 6.89 seconds
I understand that this has to do with the firewall on the remote (scanned) host, but the main reason I am trying to use NMAP is to see which ports on the remote host are open and whether it is at all ping-able.
Well, I can ping it using 'ping' but not using NMAP. I find this very confusing.
Furthermore, the iptables firewall on the remote host has SSH checked as a Trusted Service ("accessible from all hosts and networks"). Why didn't NMAP detect this?
UPDATE: It turns out that when I last scanned the CentOS 6 remote host, it was in sleep mode. When I woke it up and tried NMAP again, I received:
Code:
android-eve@ubuntu10:~$ nmap -PN 192.168.1.3
Starting Nmap 5.00 ( http://nmap.org ) at 2011-11-16 11:11 EST
Interesting ports on 192.168.1.3:
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
Nmap done: 1 IP address (1 host up) scanned in 4.97 seconds
So, at least I see some consistency between the firewall setting and what NMAP reports.
I am still confused by NMAP not reporting a perfectly ping-able host. If I were to rely on NMAP for verifying that my host is 100% stealthed, it would have mislead me.
What am I missing about the correct usage of NMAP?