Nmap stuck in loop on connect scan #2811

Open
RaduNico opened this issue Apr 2, 2024 · 1 comment

RaduNico commented Apr 2, 2024

Describe the bug
I've tried running nmap with the following command:
nmap --resolve-all -p- -sV -sC -vvv -Pn -oX output.xml -oN output -iL ../scope -d2 -sT

nmap appears to be stuck sending probes to two ports; the output in the terminal was as follows:

[...]
Connect Scan Timing: About 95.33% done; ETC: 14:33 (3:05:42 remaining)
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Connect Scan Timing: About 95.33% done; ETC: 14:33 (3:05:42 remaining)
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Connect Scan Timing: About 95.33% done; ETC: 14:34 (3:05:42 remaining)
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Connect Scan Timing: About 95.34% done; ETC: 14:34 (3:05:41 remaining)
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Stats: 63:19:30 elapsed; 4 hosts completed (14 up), 10 undergoing Connect Scan
Connect Scan Timing: About 95.34% done; ETC: 14:35 (3:05:41 remaining)
Current sending rates: 1.10 packets / s.

I've had this scan running for 63 hours. I've only included the ending of the output as these messages have been repeated over and over again over the course of more than 48 hours, with no seeming progress besides the change in time and percentage done. For privacy reasons I changed the actual public IPs with private IPs. Is this the expected behavior if max-retries or host-timeout is not specified?

The two scanned ports should be detected as open, but a firewall might be in place and blocking some probes. At the moment I force-closed the process, the ports were accessible (tested with nc). I have the beginning of the output as well if this helps with debugging.

Version info

Latest at the time of writing, compiled from the repository.

Nmap version 7.94SVN ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.6 openssl-1.1.1f nmap-libssh2-1.11.0 libz-1.2.11 libpcre2-10.34 libpcap-1.9.1 nmap-libdnet-1.12 ipv6

RaduNico added the Nmap label Apr 2, 2024

ermias19 commented Apr 7, 2024

From the log and command, I understood two things. The first is that the host "192.168.0.2" is typically dropping the ping probe: `Ultrascan DROPPED PING probe packet to 192.168.0.2 detected`. As you mentioned, it could be some intrusion detection system that makes the packet not pass, or another network security mechanism.

For the "192.168.0.3" host, it's not responding; again, it could be an IDS. For further encounters, I would prefer that you look at the packets using Wireshark.
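
For triaging a log like the one quoted in this issue, the following is an added example (not part of the thread and not Nmap's own code) that summarizes `-d2` connect-scan output: progress between timing lines and pings sent or dropped per target. The function names, the `min_gain` threshold and the sample excerpt are assumptions constructed for illustration; the line formats are taken from the output quoted above.

```python
import re
from collections import Counter

# Constructed sample in the format of the -d2 output quoted in the issue.
SAMPLE_LOG = """\
Connect Scan Timing: About 95.33% done; ETC: 14:33 (3:05:42 remaining)
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Ultrascan GLOBAL PING SENT to 192.168.0.3 [connect to port 443]
Ultrascan PING SENT to 192.168.0.3 [connect to port 443]
Connect Scan Timing: About 95.33% done; ETC: 14:34 (3:05:42 remaining)
Ultrascan PING SENT to 192.168.0.2 [connect to port 995]
Ultrascan DROPPED PING probe packet to 192.168.0.2 detected
Connect Scan Timing: About 95.34% done; ETC: 14:35 (3:05:41 remaining)
"""

TIMING = re.compile(r"Scan Timing: About ([\d.]+)% done; ETC: \S+ \((\d+):(\d+):(\d+) remaining\)")
SENT = re.compile(r"Ultrascan (?:GLOBAL )?PING SENT to (\S+) \[connect to port (\d+)\]")
DROPPED = re.compile(r"Ultrascan DROPPED PING probe packet to (\S+) detected")

def summarize(log_text):
    """Return progress deltas and per-target ping counts for a debug log excerpt."""
    progress, sent, dropped = [], Counter(), Counter()
    for line in log_text.splitlines():
        if m := TIMING.search(line):
            hours, minutes, seconds = (int(x) for x in m.groups()[1:])
            progress.append((float(m.group(1)), hours * 3600 + minutes * 60 + seconds))
        elif m := SENT.search(line):
            sent[(m.group(1), int(m.group(2)))] += 1   # keyed by (host, port)
        elif m := DROPPED.search(line):
            dropped[m.group(1)] += 1                   # keyed by host
    return {
        "timing_lines": len(progress),
        "percent_gain": round(progress[-1][0] - progress[0][0], 2) if progress else 0.0,
        "remaining_drop_s": progress[0][1] - progress[-1][1] if progress else 0,
        "pings_sent": dict(sent),
        "pings_dropped": dict(dropped),
    }

def looks_stalled(summary, min_gain=0.1):
    """Heuristic (assumed threshold): repeated timing updates, almost no
    progress in percent done, and timing pings still being sent."""
    return (summary["timing_lines"] >= 3
            and summary["percent_gain"] < min_gain
            and bool(summary["pings_sent"]))
```

Run over a full log, the per-target counts show which host and port pairs the scan keeps pinging, which narrows down where to point a packet capture.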
