-
problem with nmap
Hi guys, I am having problems with nmap on osx. I use nmap on kali almost daily, and it works fine, but every time I run a scan from the osx side, I receive results showing all hosts are up and the same exact ports open on every box. I emptied the arp cache, turned off the firewall, stopped av, and I still get these results. Also, if I NAT kali, I get these erroneous results, but if I bridge it, everything works fine. Here is an example of the output:
Nmap scan report for 192.168.1.250
Host is up (0.0079s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap scan report for 192.168.1.251
Host is up (0.0060s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap scan report for 192.168.1.252
Host is up (0.0069s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap scan report for 192.168.1.253
Host is up (0.0071s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap scan report for 192.168.1.254
Host is up (0.0060s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap scan report for 192.168.1.255
Host is up (0.0035s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap done: 256 IP addresses (256 hosts up) scanned in 85.00 seconds
There are only 3 boxes on this subnet, and none of them are running these services.
-
Not sure if the defaults for nmap scan are same for osX and Kali. Paste here the exact command you are running (can mask IP's).
Make sure you run it under root user.
-
Hi m@kh@ck3r,
I had a similar problem and I was able to determine that it may have been either a configuration or network issue. The first step I took was to check the networking setting in virtualbox. They were incorrect, I had to adjust it to be connected via a bridged adapter to my network card. I then started Kali Linux in virtualbox and configured my ip address. The nmap scan then returned correct results. If I had to say what cause the 256 hosts to be up on the scan, I would say that nmap was using the loopback interface to the scan.
I hope this helps
-
It's strange because it looks like you've search with a /24 address but it's given open ports on .255 address. .255 is generally a broadcast address.
What did you search exactly?
Also, my best advice is stay away from macs. just my opinion however.