Nmap stuck in loop on connect scan #2811
Comments
From the log and command, I understood two things. The first one is the host "192.168.0.2" typically dropping the ping probe. For the "192.168.0.3" host, it's not responding again it could be IDS. For further encounters, I would prefer you to see the packets using Wireshark.
Going further on @ermias19's response, can you make sure that no such system is in place and that this is solely an nmap issue?
This scan was performed as part of an engagement in a client network, which I no longer have access to. There might have been an IDS system in place. Sadly I do not have a network packet capture, which would have helped identify the behavior. I believe the behavior is not reasonable or acceptable as a default within nmap, even if an IDS is encountered. After thousands and thousands of retries for a single port, nmap should give up, without the need to specify a host timeout which would hurt scans for slow hosts.
Describe the bug
I've tried running nmap with the following command:
nmap --resolve-all -p- -sV -sC -vvv -Pn -oX output.xml -oN output -iL ../scope -d2 -sT
nmap appears to be stuck sending probes to two ports. The output in the terminal was as follows:
I've had this scan running for 63 hours. I've only included the ending of the output as these messages have been repeated over and over again over the course of more than 48 hours, with no seeming progress besides the change in time and percentage done. For privacy reasons I changed the actual public IPs with private IPs. Is this the expected behavior if max-retries or host-timeout is not specified?
The two scanned ports should be detected as open, but a firewall might be in place and blocking some probes. At the moment I force-closed the process, the ports were accessible (tested with nc). I have the beginning of the output as well if this helps with debugging.
Version info
Latest at the time of writing, compiled from the repository.
Nmap version 7.94SVN ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.6 openssl-1.1.1f nmap-libssh2-1.11.0 libz-1.2.11 libpcre2-10.34 libpcap-1.9.1 nmap-libdnet-1.12 ipv6