Thread: NMAP Results are.....Disappointing.

  1. #1
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    1

    NMAP Results are.....Disappointing.

    Just got BackTrack up and running and was so excited to use Armitage's Nmap scan feature that identifies every last detail of the target computer, even suggesting attacks, but.....totally lame.

    It can't identify OS, device type, or anything of use.

    So, I tried Zenmap.

    Still....nothing but '1 service recognized.'

    I then tried the standard Nmap in Metasploit.

    Same deal.

    The strange thing is that via a line of code from statcounter.com I was able to receive OS, Browser, and IP on target.

    Um....I must be doing something wrong, right?

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: NMAP Results are.....Disappointing.

    NMAP is a very effective tool; I suggest you go through the help manual or different tutorials.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Re: NMAP Results are.....Disappointing.

    Would you please give more info, such as the nmap parameters used, the LAN type being audited (if any VLANs, broadcast domains, a simple and plain LAN, etc.), and any firewalls on the targets (if you know of any in the LAN's systems)...

    Some OS fingerprints are not recognized by nmap; if so, you can send the fingerprint to nmap and specify the exact OS so it gets incorporated into nmap.

    To detect an OS, there must be at least one TCP and one UDP port open. That is stated clearly by nmap, since it sends TCP and UDP packets to the remote system and analyzes the bits received. There are 15000 fingerprints in the nmap database.

    You might be auditing ports 1-1024, the default for nmap. If you have any TCP or UDP service listening beyond port 1024, you need to specify it with "-p-" or -p1-65535.

    Hope it helps.

    Luck.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: NMAP Results are.....Disappointing.

    Quote Originally Posted by maverik35:
        You might be auditing ports from 1-1024, the default for nmap...
    It's a minor detail but that's actually NOT correct. By default nmap uses what a lot of research has identified as the 1000 most common ports/services.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Re: NMAP Results are.....Disappointing.

    Quote Originally Posted by thorin:
        It's a minor detail but that's actually NOT correct. By default nmap uses what a lot of research has identified as the 1000 most common ports/services.
    Still stick to 1-1024; you can refer to "man nmap" if in any doubt. It states "The first 1024".

    But one thing is for sure, the most common ports used (and assigned) are the first 1024...
    Last edited by maverik35; 10-16-2012 at 09:15 AM.

  6. #6
    Junior Member
    Join Date
    Aug 2011
    Posts
    34

    Re: NMAP Results are.....Disappointing.

    Sorry, but if your nmap man page says it scans ports 1-1024 by default, it's probably the only one that does that.

    "PORT SPECIFICATION AND SCAN ORDER
    In addition to all of the scan methods discussed previously, Nmap offers options for specifying which ports are scanned and whether the scan order is
    randomized or sequential. By default, Nmap scans the most common 1,000 ports for each protocol."

    Just like thorin said, it scans the most common 1000 ports; that surely includes lots of the ports in the 1-1024 range, but not all of them. Databases' default ports and other common services are also included in that default 1000 list.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: NMAP Results are.....Disappointing.

    Quote Originally Posted by maverik35:
        Still stick to 1-1024, you can refer to the "man nmap" if any doubt. It states as "The first 1024"..
    From the "horse's mouth" so to speak:
    http://nmap.org/book/man-port-specification.html
        By default, Nmap scans the most common 1,000 ports for each protocol.
    From "man nmap" v6.00 on an Ubuntu box:
        PORT SPECIFICATION AND SCAN ORDER
        In addition to all of the scan methods discussed previously, Nmap offers options for specifying which ports are scanned and whether the scan order is randomized or sequential. By default, Nmap scans the most common 1,000 ports for each protocol.
    As you can see from the nmap 5 announcement:
    http://nmap.org/5/
        Host discovery and port scanning performance and features

        Nmap has been doing host discovery and port scanning since its release in '97, but we continue to improve this core functionality. We've added many new features and dramatically improved performance! Here are the biggest enhancements since 4.50:

        * Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). These were determined by spending months scanning tens of millions of IPs on the Internet. This makes Nmap faster (used to scan 1,715 TCP ports by default) and yet more comprehensive since the smaller number of ports are better chosen.

        <snip>

        * The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. For both TCP and UDP, the top 10 ports gets you roughly half of the open ports. The top 1,000 (out of 65,536 possible) finds roughly 93% of the open TCP ports and more than 95% of the open UDP ports.
    The man page does use 1-1023 as an example, but that has nothing to do with the default.
        -p port ranges (Only scan specified ports) .
        This option specifies which ports you want to scan and overrides
        the default. Individual port numbers are OK, as are ranges
        separated by a hyphen (e.g. 1-1023).
        <snip>
    Quote Originally Posted by maverik35:
        But one thing is for sure, the most common ports used (and assigned) are the first 1024...
    No, No, 1000 times no.

    If you check https://svn.nmap.org/nmap/nmap-services, you can pull it into Excel (or whatever) in order to sort and filter. As an example you can see sorting tcp protocol services/ports descending by open-frequency that 3389 (RDP/Terminal Services) is 7th on the list, if you did 1-1023 you'd miss it (not to mention numerous others in the top 1000).
    Last edited by thorin; 10-18-2012 at 08:37 AM.
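    The sort-and-filter exercise thorin describes (rank nmap-services entries by open-frequency, then see which of the top ports a fixed 1-1023 range would miss) can be done in a few lines. The following is an added example, not code from the thread or from the Nmap project; the sample data is constructed in the nmap-services layout (name, port/proto, open-frequency, optional # comment), and its frequency values are illustrative rather than copied from the real file.

```python
"""Rank nmap-services-style entries by open-frequency and check a port range against them.

Added example, not from the thread. The sample below is constructed in the
nmap-services format; frequencies are illustrative, not the real file's values.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    port: int
    proto: str
    frequency: float


# Constructed sample (whitespace-separated like the real file; comments start with '#').
SAMPLE_NMAP_SERVICES = """\
# Constructed sample in nmap-services format (illustrative frequencies)
http            80/tcp      0.484143   # World Wide Web HTTP
telnet          23/tcp      0.221265
https           443/tcp     0.208669   # secure http (SSL)
ftp             21/tcp      0.197667   # File Transfer [Control]
ssh             22/tcp      0.182286   # Secure Shell Login
smtp            25/tcp      0.131314   # Simple Mail Transfer
ms-wbt-server   3389/tcp    0.083904   # Microsoft Remote Display Protocol
pop3            110/tcp     0.077142   # PostOffice V.3
microsoft-ds    445/tcp     0.056944   # SMB directly over IP
netbios-ssn     139/tcp     0.050809   # NETBIOS Session Service
mysql           3306/tcp    0.045390
snmp            161/udp     0.433467   # Simple Net Mgmt Proto
domain          53/udp      0.213496   # Domain Name Server
unknown         49152/udp   0.004353
this line is malformed and must be skipped
"""


def parse_nmap_services(text: str) -> list[ServiceEntry]:
    """Parse nmap-services text, skipping comments, blank lines and malformed lines."""
    entries: list[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop the trailing comment, if any
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or "/" not in fields[1]:
            continue
        port_str, proto = fields[1].split("/", 1)
        try:
            entries.append(ServiceEntry(fields[0], int(port_str), proto, float(fields[2])))
        except ValueError:
            continue  # non-numeric port or frequency: skip rather than crash
    return entries


def top_ports(entries: list[ServiceEntry], proto: str, n: int) -> list[int]:
    """Ports of one protocol ordered by descending open-frequency (the --top-ports ordering)."""
    ranked = sorted((e for e in entries if e.proto == proto),
                    key=lambda e: (-e.frequency, e.port))
    return [e.port for e in ranked[:n]]


def missed_by_range(entries: list[ServiceEntry], proto: str, n: int,
                    low: int, high: int) -> list[int]:
    """Top-n ports of a protocol that a fixed range low-high would not cover."""
    return [p for p in top_ports(entries, proto, n) if not low <= p <= high]


if __name__ == "__main__":
    services = parse_nmap_services(SAMPLE_NMAP_SERVICES)
    print("top 10 tcp by frequency:", top_ports(services, "tcp", 10))
    print("top 10 tcp outside 1-1023:", missed_by_range(services, "tcp", 10, 1, 1023))
```

    Pointing `parse_nmap_services` at the text of the real nmap-services file reproduces thorin's check for any range you care about; with the constructed sample, 3389 lands in 7th place for TCP and is the only top-10 port a 1-1023 scan would skip.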

  8. #8
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: NMAP Results are.....Disappointing.

    Port numbering aside, funny as this was to read, what more can you tell us about the computer you are trying to scan in regards to firewalls and network location relative to your computer?
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: NMAP Results are.....Disappointing.

    Ok ya, so I kinda got a bit off track. Thanks ShadowMaster.

    Back to the OP. What happens when you run nmap directly? Is there a host firewall on the target system? What about HIPS? Are there any network devices between you and the other system? Assuming the target is a Windows system, when you're actually on that system what output does:
    Code:
    netstat -an|find "LISTENING"
    give you?
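    The diagnostic thorin is driving at is a comparison: what the host itself reports as LISTENING versus what the scanner saw from the outside. Anything listening on the host but absent from the scan result points to filtering in the path (host firewall, HIPS, or an intermediate device). The following is an added example, not code from the thread; the netstat text is a constructed sample in the layout `netstat -an` prints on Windows, not a real capture, and the "scan result" it is compared against is likewise constructed.

```python
"""Reconcile a host's LISTENING sockets with the ports a remote scan reported open.

Added example, not from the thread. SAMPLE_NETSTAT is a constructed sample in
the Windows 'netstat -an' layout, not a real capture.
"""
from __future__ import annotations

import re

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49158     192.168.1.5:443        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Local address column: IPv4 "0.0.0.0:135" or bracketed IPv6 "[::]:135".
_LOCAL_ADDR = re.compile(r"^(?:\[(?P<v6>[0-9A-Fa-f:%.]*)\]|(?P<v4>[\d.]+)):(?P<port>\d+)$")


def listening_tcp_ports(netstat_text: str, include_loopback: bool = False) -> set[int]:
    """Return TCP ports in LISTENING state; loopback-only sockets are ignored by default,
    since a remote scanner can never see them."""
    ports: set[int] = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        m = _LOCAL_ADDR.match(fields[1])
        if not m:
            continue
        v4, v6 = m.group("v4"), m.group("v6")
        loopback = (v4 is not None and v4.startswith("127.")) or v6 == "::1"
        if loopback and not include_loopback:
            continue
        ports.add(int(m.group("port")))
    return ports


def reconcile(listening: set[int], scanned_open: set[int]) -> dict[str, list[int]]:
    """Split the two views: 'filtered' = listening on the host but not seen by the scanner
    (something in the path is dropping or rejecting the probes); 'unexpected' = reported
    open by the scanner but not listening (stale result, or the wrong host was scanned)."""
    return {
        "filtered": sorted(listening - scanned_open),
        "unexpected": sorted(scanned_open - listening),
    }


if __name__ == "__main__":
    local = listening_tcp_ports(SAMPLE_NETSTAT)
    # Constructed scan result: suppose nmap reported only 135 and 445 open on this host.
    print(reconcile(local, {135, 445}))
```

    With the constructed data, 3389 shows up as "filtered": the host is listening on it, but the scanner never saw it, which is exactly the situation where a host firewall or HIPS rule is the first thing to check.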

  10. #10
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: NMAP Results are.....Disappointing.

    Thorin, it always amuses me to see someone who really has no idea what he is talking about shown up by those who do. But again, back to OP, besides for all the obvious things, are you scanning a vm hackme, a targeted host on your own LAN, or an actual attack scenario? Cuz people here won't help with the last one, which is kinda what it sounds like...
