I'm a pentesting student and I very much like to complement tasks with a Python version of them.
I've got a vulnerable box with IP 192.168.41.2, and port scanning with nmap resulted in:
nmap -T4 -p- 192.168.41.2
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-27 15:13 EDT
Nmap scan report for 192.168.41.2
Host is up (0.00024s latency).
All 65535 scanned ports on 192.168.41.2 are closed
MAC Address: 00:50:56:EA:44:EB (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.72 seconds
This tells me there are no open ports. Then I check the results with a Python script:
from scapy.all import *
import argparse

parser = argparse.ArgumentParser()
parser.add_argument('ip')
args = parser.parse_args()
ip = args.ip

# Destination ports to probe (range(65535) covers 0..65534).
ports = [i for i in range(65535)]

def synScan(host):
    # Send one SYN to every port and collect the answered pairs (sent, received).
    resp, _ = sr(IP(dst=host)/TCP(sport=5555, dport=ports, flags='S'), timeout=2, verbose=0)
    print(f'Open ports on {host}:\n')
    for s, r in resp:
        # Only checks that some TCP reply came back from the probed port.
        if s[TCP].dport == r[TCP].sport:
            print(f'TCP Port {s[TCP].dport} is open.')

synScan(ip)
The script was executed by running python3 port_scanner.py 192.168.41.2,
which resulted in:
Open ports on host 192.168.41.2:
TCP Port 0 is open.
TCP Port 1 is open.
TCP Port 2 is open.
TCP Port 3 is open.
TCP Port 4 is open.
TCP Port 5 is open.
TCP Port 6 is open.
TCP Port 7 is open.
TCP Port 8 is open.
TCP Port 9 is open.
TCP Port 10 is open.
TCP Port 11 is open.
TCP Port 12 is open.
TCP Port 13 is open.
TCP Port 14 is open.
TCP Port 15 is open.
TCP Port 16 is open.
TCP Port 17 is open.
TCP Port 18 is open.
TCP Port 19 is open.
TCP Port 20 is open.
TCP Port 21 is open.
TCP Port 22 is open.
TCP Port 23 is open.
TCP Port 24 is open.
...
...
My question is: which scan should I trust more? Nmap is a very popular network scanner and scapy is pretty popular too, but here you see the results.
Upvotes: 1
The scapy script concludes that the port is open if you receive an answer to a SYN
packet. This is wrong. For example, if the answer is an RST
packet, the port is closed. This script rather tells you whether the port is unfiltered.
So if you want to use scapy, you'll also have to check that the answer packet has the SYN
flag set as well.
Upvotes: 4
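To make the distinction in the answer concrete, here is an added example (not code from the question or the answer above) that classifies a SYN probe's result the way nmap does: a reply with SYN and ACK set means open, a reply with RST set means closed, and no reply within the timeout means filtered. The TCP header bytes are constructed inline so the logic runs offline without root or scapy; the names `classify_reply`, `scan_summary` and `build_tcp_header` are my own, and the scapy loop at the bottom is an assumed usage sketch that mirrors the asker's script but adds the flag check.

```python
import struct
from typing import Dict, Optional

# TCP flag bits as they appear in the header's flags field.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_tcp_header(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Construct a minimal 20-byte TCP header (constructed test input, no options)."""
    offset_and_flags = (5 << 12) | flags      # data offset 5 words, reserved 0, flags
    return struct.pack('!HHIIHHHH', sport, dport, seq, ack, offset_and_flags, 65535, 0, 0)


def tcp_flags(tcp_header: bytes) -> int:
    """Return the 9 flag bits from the 16-bit word at offset 12 of a TCP header."""
    return struct.unpack('!H', tcp_header[12:14])[0] & 0x1FF


def classify_reply(reply_tcp: Optional[bytes]) -> str:
    """Map the answer to a SYN probe onto nmap's port states.

    None models 'no answer within the timeout' (packet dropped by a filter).
    Receiving *any* TCP answer only proves the port is unfiltered; the flags
    decide between open and closed.
    """
    if reply_tcp is None:
        return 'filtered'
    flags = tcp_flags(reply_tcp)
    if flags & TCP_SYN and flags & TCP_ACK:
        return 'open'          # SYN/ACK: a listener completed step two of the handshake
    if flags & TCP_RST:
        return 'closed'        # RST (usually RST/ACK): host reachable, nothing listening
    return 'unknown'           # anything else is worth a closer look, not an 'open' verdict


def scan_summary(replies: Dict[int, Optional[bytes]]) -> Dict[int, str]:
    """Classify a {port: reply_header_or_None} mapping captured by a scanner."""
    return {port: classify_reply(reply) for port, reply in replies.items()}


# Constructed replies from a hypothetical host: 22 answers SYN/ACK, 80 answers RST/ACK,
# 443 never answers. Source port of the reply is the probed port.
SAMPLE_REPLIES: Dict[int, Optional[bytes]] = {
    22: build_tcp_header(22, 5555, TCP_SYN | TCP_ACK, seq=1000, ack=1),
    80: build_tcp_header(80, 5555, TCP_RST | TCP_ACK, ack=1),
    443: None,
}


def scapy_syn_scan(host: str, ports, timeout: int = 2) -> Dict[int, str]:
    """Assumed scapy usage (needs root and scapy installed): the asker's loop with the
    flag check added. The 0x12 mask is SYN|ACK."""
    from scapy.all import IP, TCP, sr  # imported lazily so the rest runs without scapy
    answered, unanswered = sr(IP(dst=host) / TCP(sport=5555, dport=ports, flags='S'),
                              timeout=timeout, verbose=0)
    states = {int(p[TCP].dport): 'filtered' for p in unanswered}
    for sent, received in answered:
        port = int(sent[TCP].dport)
        if received.haslayer(TCP) and received[TCP].flags & 0x12 == 0x12:
            states[port] = 'open'
        elif received.haslayer(TCP) and received[TCP].flags & 0x04:
            states[port] = 'closed'
        else:
            states[port] = 'filtered'  # e.g. ICMP unreachable from a firewall
    return states


if __name__ == '__main__':
    for port, state in sorted(scan_summary(SAMPLE_REPLIES).items()):
        print(f'TCP port {port}: {state}')
```

Run against the constructed replies this prints 22 as open, 80 as closed and 443 as filtered; the asker's script would have reported both 22 and 80 as open, which is exactly the disagreement with nmap's "all ports closed" verdict.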