Linux Scanning and Discovery technique problems
Posted: Mon Jan 14, 2013 2:45 pm
Hi,
I am using scanning tools such as Nmap to identify vulnerable ports on remote Linux systems on the local network. I have VirtualBox on my Windows 7 host where I have two Linux VMs that I am testing these techniques between. The two virtual machines are Fedora 14 and Backtrack R2 V5. When I scan these two VMs, according to Nmap all ports are filtered and not in use, but when I use netstat locally on them I can see available open ports such as 111 (SunRPC). Can anyone figure out why I can't see these available ports remotely?
Thanks
-
dougie1809 - Member
Re: Linux Scanning and Discovery technique problems
Posted: Mon Jan 14, 2013 2:50 pm
What sort of networking do you have set up in VirtualBox?
Can you ping either box?
-
keydet89 - Senior Member
Re: Linux Scanning and Discovery technique problems
Posted: Mon Jan 14, 2013 2:57 pm
I have bridged the two VMs to the local network so they have their own IP address.
Yes, I can ping the two VMs from the host Windows 7, and the two VMs can also ping each other.
-
dougie1809 - Member
Re: Linux Scanning and Discovery technique problems
Posted: Mon Jan 14, 2013 3:34 pm
What command line are you using to run nmap?
Is there a firewall enabled on either VM, or on the system from which you're scanning?
-
keydet89 - Senior Member
Re: Linux Scanning and Discovery technique problems
Posted: Mon Jan 14, 2013 4:46 pm
I'm running arguments such as -sS (for TCP scan), -sU (UDP scan) and the IP network address prefix (192.1.168.1.0/24), which scans this home network. It successively identifies the VMs (host is up), and scans the default 1000 ports without specifying what ports to scan. But all ports are filtered?
I have Avira installed on the host Win7, but no such firewall or anti-virus software on the VMs.
Thanks
-
dougie1809 - Member
Re: Linux Scanning and Discovery technique problems
Posted: Mon Jan 14, 2013 4:59 pm
BT by default has no open ports and boots with networking disabled; you have to bring the eth0 interface up and get an IP.
The reason that you are getting crap results is because you're using -sU to specify a UDP scan. Try this:
On your BT bring up the interface and get an IP, then start apache:
service apache2 start
Then try scanning the eth0 interface:
nmap 192.168.0.10 (or whatever)
You should get a response from port 80, then try some fun options:
nmap 192.168.0.10 -sV
nmap 192.168.0.10 -sC
nmap 192.168.0.10 -O
Avoid using the -sU switch for now, and don't mix options while you're learning how it works. I recommend some background reading from the nmap site.
You probably want to play with the various host discovery options and tools available, the -sn -PM -PP -Pn switches in nmap for example, and tools such as arp-scan (which is bloody useful when hosts don't respond to ping). Apparently there's this thing called unicornscan as well, and netcat makes a great emergency scanner.
-
Xennith - Senior Member
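Added example, not part of the original thread or any poster's code: a small Python check for the situation discussed above, where netstat on a lab VM shows a listening port but a remote scan reports it as filtered. The netstat text is constructed sample data, and the function names (listening_sockets, probe_tcp, diagnose) are hypothetical; it assumes IPv4 and a VM you own.

```python
import socket

# Constructed sample of `netstat -tln` output from the scanned VM (not from the thread).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
"""

def listening_sockets(netstat_text):
    """Return [(bind_address, port)] for each IPv4 TCP socket in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "tcp" and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            found.append((addr, int(port)))
    return found

def probe_tcp(ip, port, timeout=1.0):
    """Full TCP connect to one port of a lab host, reported in nmap's vocabulary."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return "open"        # handshake completed
    except ConnectionRefusedError:
        return "closed"      # host answered with RST: reachable, nothing listening
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: the probe was dropped
    finally:
        sock.close()

def diagnose(netstat_text, target_ip, probe=probe_tcp):
    """Map each locally listening port to what a remote probe of target_ip sees."""
    report = {}
    for addr, port in listening_sockets(netstat_text):
        if addr.startswith("127."):
            report[port] = "loopback-only: never visible to a remote scan"
            continue
        state = probe(target_ip, port)
        if state == "filtered":
            state = "listening but filtered: probe dropped before reaching the service"
        report[port] = state
    return report

if __name__ == "__main__":
    # Replace 127.0.0.1 with the lab VM's address and SAMPLE_NETSTAT with its real output.
    for port, verdict in diagnose(SAMPLE_NETSTAT, "127.0.0.1").items():
        print(port, verdict)
```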
Re: Linux Scanning and Discovery technique problems
Posted: Thu Jan 17, 2013 12:35 pm
Thanks for the reply.
How do I go about changing the adapter to eth0 connection? Because I had internet connection when I created the VMs from VirtualBox.
When I do service apache2 start, I get the following error:
"apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"
I don't understand why apache is using 127.0.1.1 when it should be 127.0.0.1?
Thanks
-
dougie1809 - Member