[H-GEN] nmap UDP scanning

Hilton Travis Hilton at QuarkAV.com
Fri Dec 20 22:11:05 EST 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Hi Robert,

On Sat, 2002-12-21 at 12:03, Robert Brockway wrote:
> On 21 Dec 2002, Hilton Travis wrote:
> 
> > Has anyone else noticed that using nmap to scan a single UDP port on any
> > system will result in the following report:
> >
> > [root at sirlancelot /tmp]# nmap -sU -p 10000 -T insane 192.0.2.1
> >
> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> > Interesting ports on (192.168.69.1):
> > Port       State       Service
> > 23/udp     open        unknown
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
> 
> Using nmap 2.54BETA31 I'm getting reports of closed using the command line
> you mention above.  The hosts I tried are on my lan, and therefore no
> firewall is between them and I.

I tried this with nmap ver 3.00 on my system, and a mate tried with nmap
2.54Beta[something] and we got the same results.  We also tried this by
scanning another host on the Internet known to have this port closed,
with the same result.

> > I assume this has something to do with the fact that TCP is a
> > connection-oriented protocol, whereas UDP is connectionless.

I suppose there's a configuration option on the target machine that will
result in incorrect results being reported.  If the target machine
replies that the port does not exist, the port will be reported as
"closed".  If no response is detected, it is reported as "open".

> > Does anyone have any other way to scan a target's UDP ports and get back
> > a report that is valid?
> 
> Use another version of nmap? :)

heh

I was wondering if there was a more reliable way of scanning UDP - but I
suppose that since its connectionless, its difficult.

-- 

Regards,

Hilton Travis                   Email: Hilton at QuarkAV.com
Manager                         Phone: +61-(0)7-3343-3889
Quark AudioVisual               Phone: +61-(0)419-792-394
Quark Computers
(Brisbane, Australia)            http://www.QuarkAV.com/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list