nmap shows TCP port 3128 open when it's not. #1338
I scanned a server today to make sure all ports were open after making host firewall changes. For some reason tcp/3128 showed up in the scan, rather unexpectedly. I checked the following to see if I could find any evidence that something had that port open:
I'm pretty comfortable at this point that tcp/3128 is not actually open on the server.
OS: macOS 10.14 (Mojave)
The port was "detected" on a CentOS 7.5 Linux server.
If anyone has any other suggestions for looking for the port, I'm open to suggestions; otherwise this one looks much more like a false detection on the part of nmap than an actual port.
Nmap itself can give you more information about why it is saying the port is open. Try this command:
Port 3128 is often used by HTTP proxies, specifically Squid Proxy. There could be an intercepting proxy responding to outgoing connections. I've added port 22 to the previous command so we can compare the received IP TTL value for both ports and see if there is a difference, which would indicate that the response is being spoofed. You can also compare results between the
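The TTL comparison suggested in the reply above, as an added example that is not part of the original thread: it parses the port table Nmap prints with `--reason` and reports ports whose received IP TTL differs from a reference port (22, as in the reply). The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of an `nmap --reason` port table (not taken from the thread).
SAMPLE = """\
PORT     STATE  SERVICE    REASON
22/tcp   open   ssh        syn-ack ttl 52
80/tcp   closed http       reset ttl 52
443/tcp  open   https      syn-ack
3128/tcp open   squid-http syn-ack ttl 63
"""

# One row of the port table; the "ttl N" suffix is optional because Nmap
# only reports it when it observed the response packet itself.
ROW = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"\s+(?P<reason>[\w-]+)(?:\s+ttl\s+(?P<ttl>\d+))?\s*$"
)


def parse_reason_table(text):
    """Return one dict per port row; header and unrelated lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ttl = m.group("ttl")
            rows.append({
                "port": int(m.group("port")),
                "state": m.group("state"),
                "reason": m.group("reason"),
                "ttl": int(ttl) if ttl else None,
            })
    return rows


def ttl_mismatches(rows, ref_port=22):
    """List (port, ttl, reference_ttl) for ports whose TTL differs from ref_port.

    A different TTL means the reply travelled a different number of hops than
    the reference port's reply, i.e. it probably did not come from the same host.
    Rows without a recorded TTL are skipped because they cannot be compared.
    """
    ref = next((r for r in rows if r["port"] == ref_port and r["ttl"] is not None), None)
    if ref is None:
        raise ValueError(f"no TTL recorded for reference port {ref_port}")
    return [(r["port"], r["ttl"], ref["ttl"])
            for r in rows
            if r["ttl"] is not None and r["ttl"] != ref["ttl"]]


if __name__ == "__main__":
    for port, ttl, ref_ttl in ttl_mismatches(parse_reason_table(SAMPLE)):
        print(f"port {port}: ttl {ttl} differs from reference ttl {ref_ttl}")
```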