Nmap guide for a beginner (who has read StormHawk's own)

Tyrexionibus (Just Arrived; joined 31 Dec 2007)
Posted: Mon Dec 31, 2007 5:06 pm    Post subject: Nmap guide for a beginner (who has read StormHawk's own)

Well, what I want to do is an Nmap scan of all my ISP's IP range to detect if some ports are open.

My IP begins with 87.19, so the IP range I want to scan is 87.19.1-254.1-254

The problem comes when I give Nmap the commands. Here is my typical scan:

# nmap -PS -p 1243,6711-6713,6776,27374 -r 87.19.1-254.1-254

First of all, I don't understand the following lines:

Warning: File ./nmap-services exists, but Nmap is using /usr/local/share/nmap/nmap-services for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).

But the end is always the same:

# Nmap done at Mon Dec 31 14:04:34 2007 -- 64516 IP addresses (0 hosts up) scanned in 12998.940 seconds

0 hosts up! And no ports are open! That's impossible.

What am I doing wrong?

amax (Just Arrived; joined 31 Dec 2007; Location: Hamilton, Ontario, Canada)
Posted: Mon Dec 31, 2007 11:45 pm

First of all - what do you mean by "Stormhawks Own"?

I'm not much into it but it sounds to me that this is some kind of gaming typa thangy.

nmap is a networking tool & is usually associated with the UNIX/Linux crowd although it has been ported to the Windows group.

Unlike in UNIX/Linux, nmap in Windows needs to be configured a bit;

Try this site to see if it can help you:

http://insecure.org/nmap/install/inst-windows.html

Also, your address declaration is incorrect - try 87.19.1.1 - 87.19.1.254 - this will give nmap the proper range & be prepared for a bit of a wait & a long read out for the different port declarations for each & every address which is active within that range - this would take a while in UNIX/Linux let alone Windows.

Are you sure that you wouldn't rather direct this toward the GNU/UNIX/Linux group?

Sincerely,
~A~

Groovicus (Trusted SF Member; joined 19 May 2004; Location: Centerville, South Dakota)
Posted: Tue Jan 01, 2008 1:04 am

StormHawk is one of our members/frequent contributors. The guide is one he wrote, and were it not for some funky forum glitch, I could link you to it.

amax (Just Arrived; joined 31 Dec 2007; Location: Hamilton, Ontario, Canada)
Posted: Tue Jan 01, 2008 1:43 am

Hello Groovicus,

Mea Culpa for 'dissing' the name "StormHawk".

Obviously, as the tag signifies, I am a 'newbie' as far as this forum is concerned & have yet to recognize the "movers" 'n "shakers" within this community.

Since I run a Linux system @ home by choice & have to work with Windows on the Job, I'm often called upon to interpret apps that have been imported from UNIX/Linux to Windows - they don't seem to be as friendly as Windows Users would like them to be, especially those 'admins' that insist on GUI & are uncomfortable with CLI.

I was merely trying to answer Tyrexionibus's question & not knowing what system he was using, responded as generically as I could.

BTW, I like your tag - like mine?

Groovicus (Trusted SF Member; joined 19 May 2004; Location: Centerville, South Dakota)
Posted: Tue Jan 01, 2008 5:00 pm

:)

I wasn't being critical. Obviously you have no way of knowing; I was trying to link you to the guide, but the forum would not let me do it.

Welcome to the forums.

Tyrexionibus (Just Arrived; joined 31 Dec 2007)
Posted: Tue Jan 01, 2008 8:58 pm

It seems like I made a little confusion in this thread.

I am running Nmap 4.50 on Mac OS X 10.5 Leopard.

The range I declare is:

87.19.1-254.1-254

i.e. it will scan from

87.19.1.1

to

87.19.254.254

including all mid-IP addresses

My problem, just to be short, can be explained in 2 questions:

1) Why does Nmap say that no hosts are up?
2) Why does Nmap say that no ports are open?

Also, if I am wrongly declaring some commands (like -PS or -sS) please let me know by posting a correct "sequence".

Stormhawk's Nmap guide is available in one of these forums.
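
How the octet-range target notation in the post above expands, as an added example that is not part of the original thread: a small Python parser (function names are illustrative; it covers only ranges, comma lists and open-ended bounds) confirming that 87.19.1-254.1-254 yields the 64516 addresses reported in the scan summary of the first post.

```python
from itertools import product

def parse_octet(spec):
    """Return the sorted values (0-255) selected by one octet spec,
    e.g. '7', '1-254', '1,3-5', or '-' (both bounds omitted)."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 0      # omitted lower bound means 0
            hi = int(hi) if hi else 255    # omitted upper bound means 255
        else:
            lo = hi = int(part)
        if not (0 <= lo <= hi <= 255):
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand(target):
    """Return (address_count, first_address, last_address) for a target."""
    octets = target.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated octets")
    sets = [parse_octet(o) for o in octets]
    count = 1
    for s in sets:
        count *= len(s)                    # each octet multiplies the total
    first = ".".join(str(s[0]) for s in sets)
    last = ".".join(str(s[-1]) for s in sets)
    return count, first, last

def addresses(target):
    """Lazily yield every address the target covers, in ascending order."""
    sets = [parse_octet(o) for o in target.split(".")]
    for combo in product(*sets):
        yield ".".join(map(str, combo))

def seconds_per_address(total_seconds, target):
    """Average wall-clock time spent per address in a finished scan."""
    return total_seconds / expand(target)[0]

if __name__ == "__main__":
    # Range and timing are the values quoted in the thread.
    print(expand("87.19.1-254.1-254"))
    print(round(seconds_per_address(12998.940, "87.19.1-254.1-254"), 3))
```
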

amax (Just Arrived; joined 31 Dec 2007; Location: Hamilton, Ontario, Canada)
Posted: Wed Jan 02, 2008 4:26 am

First of all - a Happy New Year to you all

Thank you to Groovicus & Tyrexionibus for the warm welcome & heads-up on stuff.

BTW, Tyrexionibus, I congratulate you on your choice of equipment & OS - MAC is truly a superior platform & long under-rated. Too bad that it is usually more expensive than the X-86 equipment that has flooded the market, but then, true quality is worth it.

Now, I tried nmap on the address group & I came up with a host down message also.

Even using the nmap -P0 87.19.1.1 - .254 range yielded the eventual host down message. Is this a VPN you're trying to access? If so, then its security parameters could be showing it as a "black hole" & not allowing ping queries or any queries of any kind.

This is a readout from a "whois" enquiry of 87.19.1.1:

% Information related to '87.16.0.0 - 87.23.255.255'

inetnum: 87.16.0.0 - 87.23.255.255
netname: TELECOM-ADSL-8
descr: Telecom Italia S.p.A. TIN EASY LITE
country: IT
admin-c: BS104-RIPE
tech-c: BS104-RIPE
status: ASSIGNED PA
mnt-by: TIWS-MNT
mnt-lower: TIWS-MNT
mnt-routes: TIWS-MNT
source: RIPE # Filtered

person: BBBEASYIP STAFF
address: MDBLAB
address: Via Val Cannuta, 250
address: I-00100 Roma
address: Italy
phone: +39 06 36881
e-mail: ripe-staff@telecomitalia.it
nic-hdl: BS104-RIPE
source: RIPE # Filtered

% Information related to '87.18.0.0/15AS3269'

route: 87.18.0.0/15
descr: INTERBUSINESS
origin: AS3269
mnt-by: TIWS-MNT
mnt-routes: INTERB-MNT
source: RIPE # Filtered

As you can see, it doesn't pinpoint your actual address but merely includes it within an address cluster - who are these guys?

I realize that you've stated that it's your ISP, but they may have stealth security loaded to the hilt.

Whoever they are, they don't want to be found.

Sincerely,

~A~

Tyrexionibus (Just Arrived; joined 31 Dec 2007)
Posted: Wed Jan 02, 2008 12:53 pm

Yes, that's all true - 87.19.*.* is the IP range of my ISP, Telecom Italia.

Known for many vulnerabilities of their users, for which TI has forced a firewall into the modems and routers they rent from the ISP. And here comes a strange company policy:

When ADSL first broke out in the "available-to-all" consumer market (in 2002), an ADSL modem cost about 100 or more --> no one could approach to buy one. So Telecom Italia launched a policy of "rent-a-modem" for 5 a month. But their firmware was LOCKED! This meant, mainly, no port forwarding available --> no gaming in many servers which required it.

Until ca. 2004, Telecom Italia's modems had a useless-like firewall inside, I mean: packet and port filtering was not active -- and no one could change the settings!

Now that the modems/routers cost much less, many people have bought their own. But the majority of people (millions, I mean) who had agreed to a contract in 2002 still have their 2002 modems, with no firewalling and port/packet filtering!

So my primary question is: to test my Nmap, I'd like to see if the above-described ports (the SubSeven ones) are open in the TI's range.

But my scan fails every time.

In short, I want to do the following:

- Launch a scan on an IP
- Ping that IP to see if it is online (I don't want to scan offline hosts)
- Scan that IP's ports

The -P0 command just considers that all hosts are online, but that's untrue. I haven't found a "ping and do no more" command in doing nmap --help .

So what's the matter?

Tyrexionibus

P.S.:
Quote:
(amax) BTW, Tyrexionibus, I congratulate you on your choice of equipment & OS - MAC is truly a superior platform & long under-rated.


I've been a Windows user for a long time before passing to OS X. Windows has just bored me with all the features copied from another OS (like ipconfig, tracert, nslookup and more from UNIX; the Post-it's of Vista from OS X Tiger and Leopard etc), the vulnerabilities which take a long time to be suppressed with a hotfix (while in UNIX-derived systems it is done almost immediately) and so on. The main problem is that, in OS X, all costs more than in Windows. The only exception to this is the... Operating System itself: Leopard just costs 130 $/, while Windows Vista "the best" costs almost 900 .


mxb ~ removed accidental dupes

All times are GMT + 2 Hours