Nmap find open TCP/IP ports for a target that is blocking ping

nmap -sT -PN -vv <target ip>
Change the IP address from 127.0.0.1 to the target machine's IP address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but won't respond to pings.
Sample Output
Starting Nmap 5.00 ( http://nmap.org ) at 2011-07-21 19:21 PDT
NSE: Loaded 0 scripts for scanning.
Initiating Connect Scan at 19:21
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 111/tcp on 127.0.0.1
Discovered open port 993/tcp on 127.0.0.1
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 995/tcp on 127.0.0.1
Discovered open port 113/tcp on 127.0.0.1
Discovered open port 143/tcp on 127.0.0.1
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 110/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 1984/tcp on 127.0.0.1
Discovered open port 465/tcp on 127.0.0.1
Discovered open port 5432/tcp on 127.0.0.1
Discovered open port 3333/tcp on 127.0.0.1
Discovered open port 10025/tcp on 127.0.0.1
Discovered open port 8333/tcp on 127.0.0.1
Discovered open port 10024/tcp on 127.0.0.1
Discovered open port 2401/tcp on 127.0.0.1
Completed Connect Scan at 19:21, 0.14s elapsed (1000 total ports)
Host localhost (127.0.0.1) is up (0.00092s latency).
Scanned at 2011-07-21 19:21:55 PDT for 0s
Interesting ports on localhost (127.0.0.1):
Not shown: 983 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
110/tcp   open  pop3
111/tcp   open  rpcbind
113/tcp   open  auth
143/tcp   open  imap
465/tcp   open  smtps
993/tcp   open  imaps
995/tcp   open  pop3s
1984/tcp  open  bigbrother
2401/tcp  open  cvspserver
3333/tcp  open  dec-notes
5432/tcp  open  postgresql
8333/tcp  open  unknown
10024/tcp open  unknown
10025/tcp open  unknown

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

0
By: Richie086
2011-07-22 02:37:19
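
An added example (not part of the original post): a defender-side check that reads Nmap's normal output, in the format of the sample output above, and reports open TCP ports missing from an expected-services allowlist. The function names, the embedded sample and the allowlist "22 25" are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag open TCP ports in nmap normal output that are not allowlisted.

# Constructed sample in the format of the port table shown in the sample output.
sample_scan() {
cat <<'EOF'
Interesting ports on localhost (127.0.0.1):
Not shown: 983 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
25/tcp    open     smtp
113/tcp   filtered auth
5432/tcp  open     postgresql
8333/tcp  open     unknown
EOF
}

# open_ports: read nmap normal output on stdin and print "port service"
# for every TCP port whose state is exactly "open".
open_ports() {
  awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, p, "/"); print p[1], $3 }'
}

# unexpected_ports ALLOWLIST: print open ports that are not in the
# space-separated allowlist of port numbers (hypothetical baseline).
unexpected_ports() {
  allow=" $1 "
  open_ports | while read -r port service; do
    case "$allow" in
      *" $port "*) ;;                      # expected service, stay quiet
      *) echo "$port/tcp ($service)" ;;    # exposure not in the baseline
    esac
  done
}

# Assumed baseline: this host should expose only SSH and SMTP.
sample_scan | unexpected_ports "22 25"
```

Against a host you administer, pipe the scan in directly: `nmap -sT -PN <target ip> | unexpected_ports "22 25"`.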

These Might Interest You

  • Where < target > may be a single IP, a hostname or a subnet. -sS: TCP SYN scanning (also known as half-open, or stealth scanning). -P0: option allows you to switch off ICMP pings. -sV: option enables version detection. -O: flag attempts to identify the remote operating system. Other options: -A enables both OS fingerprinting and version detection; -v, use -v twice for more verbosity. nmap -sS -P0 -A -v < target >


    18
    nmap -sS -P0 -sV -O <target>
    starchox · 2009-02-18 07:32:03 4
  • Scan for open ports on the target device/computer (192.168.0.10) while setting up a decoy address (192.168.0.2). This will show the decoy IP address instead of your IP in the target's security logs. The decoy address needs to be alive. Check the target's security log at /var/log/secure to make sure it worked.


    7
    sudo nmap -sS 192.168.0.10 -D 192.168.0.2
    sedcommand · 2009-07-14 17:37:34 0
  • Useful for when you don't have nmap and need to find a missing host. Pings all addresses from 10.1.1.1 to 10.1.1.254; modify for your subnet. Timeout set to 1 sec for speed; if running over a slow connection you should raise that to avoid missing replies. This will clean up the junk, leaving just the IP address: for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from' | cut -d' ' -f 4 | tr -d ':'; done


    15
    for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from'; done
    SuperJediWombat · 2010-04-07 16:57:53 0
  • Nmap will list all IPs in the target specified; you can specify a subnet or a range of IP addresses. It will attempt to resolve all IPs listed. No packets are sent to the target; it only generates DNS queries.


    0
    nmap -sL 74.125.237.1/24
    the_wanderer · 2012-05-30 00:51:20 0
