Wednesday, February 27, 2019

why does everybody fucking calls u nerds ?...on the banking facility..check out for ARP(ing) port 80 on their network...let's rock this city!

When this command runs nmap tries to ping the given IP address range to check if the hosts are alive. If ping fails it tries to send syn packets to port 80 (SYN scan). This is not hundred percent reliable because modern host based firewalls block ping and port 80. Windows firewall blocks ping by default. The hosts you have on the network are blocking ping and the port 80 is not accepting connections. Hence nmap assumes that the host is not up.
So is there a workaround to this problem?
Yes. One of the options that you have is using the -P0 flag which skips the host discovery process and tries to perform a port scan on all the IP addresses (In this case even vacant IP addresses will be scanned). Obviously this will take a large amount of time to complete the scan even if you are in a small (20-50 hosts) network. but it will give you the results.
The better option would be to specify custom ports for scanning. Nmap allows you to probe specific ports with SYN/UDP packets. It is generally recommended to probe commonly used ports e.g. TCP-22 (ssh) or TCP-3389 (windows remote desktop) or UDP-161 (SNMP).
sudo nmap -sP -PS22,3389 192.168.2.1/24 #custom TCP SYN scan
sudo nmap -sP -PU161 192.168.2.1/24 #custom UDP scan
N.B. even after specifying custom ports for scanning you may not get an active host. A lot depends on how the host is configured and which services it is using. So you just have keep probing with different combinations.Remember, do not performs scans on a network without proper authorization.
update: When scanning a network you can never be sure that a particular command will give you all the desired results. The approach should be to start with basic ping sweep and if it doesn't work try guessing the applications that may be running on the hosts and probe the corresponding ports. The idea of using Wireshark is also interesting. You may want to try sending ACK packets.
nmap -sP -PA21,22,25,3389 192.168.2.1/24 #21 is used by ftp
update two: The flags -sP and -P0 are now known as -sn and -Pn respectively. However the older flags are still found to be working in the newer versions.
SECURITY.STACKEXCHANGE.COM
How to find live hosts on my network?
I am trying to find the live hosts on my network using nmap. I am scanning the network in Ubuntu using the command sudo nmap -sP 192.168.2.1/24. However, I am unable to find the live hosts. I just ...

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)