Issues with nmap port scanner, want to scan server for security

P

Punkrulz

[H]ard|Gawd
Joined
Nov 11, 2001
Messages
1,458
Hey guys,

I want to scan my server for any port risks, I'm trying to run the latest nmap port scanner, but for some reason it just doesn't want to work. I'm running it off of XP since I don't have unix handy, and as far as I know everything is installed correctly. Can someone please help?
 
What problems are you having with nmap? Are you running it off the command line or using nmapwin? did you install the latest version of winpcap?

I run in on my xp machine (among other tools) and had no issues so far. I can even run it with the latest version (3.5)
 
i dunno why i said 9x... i have tried running it in 2000, and have had so many problems...

i may try it one more time tho
 
What is GFI's LanGuard?

And yeah, I wasn't able to get nmap working on my computer. I am not certain if I need to open up any ports on my computer or what. I've tried both the command line version, and the gui version, and I both got the same result:

Starting nmap V. 3.00 ( www.insecure.org/nmap )
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 60 seconds
Click to expand...
 
Ugh... mind giving me a quick rundown of the program so I know what I'm looking at? Hehe. I have it installed, seems like a cool program though.
 
Was thinking..

do you have a software firewall installed? I have one installed and i need to turn it off everytime i scan something.

Here are sample results of a scan of my cisco AP1200

Starting nmap 3.48 ( http://www.insecure.org/nmap ) at 2004-02-07 12:02 Pacific Standard Time
Interesting ports on 10.10.10.250:
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Device type: router
Running: Cisco IOS 12.X
OS details: Cisco 801/1720 router running IOS 12.2.8
Nmap run completed -- 1 IP address (1 host up) scanned in 12.778 seconds

It was able to figure out two ports that are open (22, 80) and the what o/s its running.

Hope this helps.

Also, GFI languard is what we call a commercial vulnerability assesment tool. It runs on windows and is pretty neat. you can try it for 30 days and then it removes some of the advanced feature, but most of the features you need are still available for free.

www.gfi.com
 
I currently have no software firewalls installed. I have installed them after just to test what I want to place on my server, but they're not even on, and I am not running Internet Connection Firewall... This is why I am being lead to believe that it has to do with something through my router, but I'm not sure what, because it tells me that the host I'm trying to scan does not allow ICMP packets... and yet at the same time I am able to ping it just fine. I try adding -P0 to it and it still refuses to work for me. I installed everything that the guide told me too, including that Windows thingy... I can't remember the name of it, but it's installed!
 
Here is what I got when I tried to scan local host [nmap -sS 127.0.0.1]

rawrecv_open: SIO_RCVALL failed (10022) on device loopback0

QUITTING!
Click to expand...

No go.
 
Originally posted by Darthkim
try scanning yourself (127.0.0.1) and see if it sees anything.
Click to expand...

you cant scan local host with nMap for windows, its some known bug
 
Originally posted by Punkrulz
What is GFI's LanGuard?

And yeah, I wasn't able to get nmap working on my computer. I am not certain if I need to open up any ports on my computer or what. I've tried both the command line version, and the gui version, and I both got the same result:
Click to expand...

Sounds to me like the host you're scanning drops all ICMP ping requests. A lot of hardened systems do that, just to help stay under the radar of many automated portscanners (hey, it fooled you, sucker! :p).

I'd say just do what it says--try running nmap -P0.

If using the GUI, and nmapwin is anything like xnmap under UNIX...just go to the "Discover" tab and check the "Don't ping" box (that checkbox may be in some other location in your version tho). I have to do this a lot in Linux anyways.
 
Punkrulz,

Your going to have to be specific about your server setup and home setup in order for anyone to make sense of what you are trying to accomplish here.

In one other thread you stated you wanted a firewall for your gaming server, yet you were trying to download and test Zonealarm and blackice on your computer to test it.

When asked a few questions in that thread about your setup, you only gave a partial public IP and no indication of the IP address have on your LAN systems that NMAP is on.

First we need to know the Client OS, IP address, NMAP version, WinPCAP version and any other scanning software you have tried along with the different settings you have tried. The network layout would also be nice to know as well as your ISP.

Secondly, we need to know the OS of the server you are trying to scan along with any configurations you may have made to harden it from attacks. The network setup of the server would be nice as in the other posting you lead me to believe this server is Co located elsewhere

Third, I think that if you wanted to do all of this security testing, it should have been done while you were setting up and configuring the server *before* it was placed online and exposed.

I don't mean to sound rude, but the information is necessary to figure out just why your unable to produce any useful scanning results.
 
WinCap and nmap on my computer are both the most recent off of the nmap website... I don't know the exact versions, but they are the most recent. I prefer not to give the server IP address for my own reservations about that. My windows is XP Pro, the server is Windows 2000 Server edition...

Secondly, my ISP is Comcast, and my computer and my sister's computer go through a Linksys BEFSR41, and then through our RCA Cable modem. I tried nmap before installing any firewalls, and with them installed I'm getting the same result. And, I am not certain of the network configuration of Server Beach, that's where it's being hosted, however I don't know how it's setup... all I know is it is possible, as my boss did an nmap on it through linux, something I don't have any readily access to.

Anything else?
 
Originally posted by Punkrulz
WinCap and nmap on my computer are both the most recent off of the nmap website... I don't know the exact versions, but they are the most recent. I prefer not to give the server IP address for my own reservations about that. My windows is XP Pro, the server is Windows 2000 Server edition...

Secondly, my ISP is Comcast, and my computer and my sister's computer go through a Linksys BEFSR41, and then through our RCA Cable modem. I tried nmap before installing any firewalls, and with them installed I'm getting the same result. And, I am not certain of the network configuration of Server Beach, that's where it's being hosted, however I don't know how it's setup... all I know is it is possible, as my boss did an nmap on it through linux, something I don't have any readily access to.

Anything else?
Click to expand...

Was your boss able to get anything from the NMAP scans? Also try using NMAP to scan your sisters computer to determine if there is a problem on your end. Be sure to disable any software firewalls on your computer and your sisters computer, you should receive some kind of reply and ports open on her computer. If you still receive the same message as before then it's a problem with the NMAP on your computer.
 
My boss, who is also a comcast user, was able to get every single port of which was open on the server without any issues... then again, he is also using the Linux distro. of nmap. When I try and do it on my sister's computer, it just hangs there after it says staring nmap 3.0...

How can I install nmap the best way and ensure that this will not be giving me any issues?
 
Originally posted by Punkrulz
My boss, who is also a comcast user, was able to get every single port of which was open on the server without any issues... then again, he is also using the Linux distro. of nmap. When I try and do it on my sister's computer, it just hangs there after it says staring nmap 3.0...

How can I install nmap the best way and ensure that this will not be giving me any issues?
Click to expand...

Pretty much you install WinPcap, then install NMAP as per the instructions. Without know alot more about the software and drivers on both computer systems, it's quite impossible to tell if you have any software conflicts. It could take awhile before you get NMAP working.

You might be best served to try using GFI Lanscan or SuperScanner

Both products will do port scanning, although GFI is more in depth with its capabilities than Superscan.
 
You must log in or register to reply here.
Back
Top