No results when whole range of port scans and rate is low #365

LuD1161 · Jul 19, 2018

Hi everyone,

I am having a weird situation here.

I don't get any results when masscan is used to scan all the 65535 ports however, if I scan specific ports I do get the output.

What all have I tried

I have tried this but in vain.
I have switched VPSes between AWS and Digital Ocean.
Tried it on ubuntu 16.04 ( AWS and digital ocean )
Tried it on arch linux ( AWS and digital ocean )
Tried it on my local system kali 2018.2
Built it from the repo
Also installed it from repositories in kali
Tried fiddling with --rate and --wait parameter ( I thought maybe the packets receiving was taking long )

But as I am here, you all could guess nothing worked.

Working Output for single port

masscan -iL ips.txt -p80,443,22,25

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:05:32 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [4 ports/host]
Discovered open port 443/tcp on 143.x.x.68                                  
Discovered open port 443/tcp on 143.x.x.129                                 
Discovered open port 80/tcp on 143.x.x.125                                  
Discovered open port 443/tcp on 143.x.x.10                                  
Discovered open port 443/tcp on 143.x.x.104                                 
Discovered open port 80/tcp on 52.x.x.130                                    
Discovered open port 443/tcp on 52.x.x.5                                     
Discovered open port 80/tcp on 143.x.x.129                                  
Discovered open port 443/tcp on 143.x.x.106                                 
Discovered open port 80/tcp on 143.x.x.106                                  
Discovered open port 80/tcp on 143.x.x.104                                  
Discovered open port 80/tcp on 52.x.x.20                                     
Discovered open port 443/tcp on 14x.x.29.2                                   
Discovered open port 80/tcp on 52.x.x.5                                      
Discovered open port 80/tcp on 143.x.x.68                                   
Discovered open port 443/tcp on 143.x.x.125                                 
Discovered open port 80/tcp on 52.x.x.35                                     
Discovered open port 80/tcp on 143.x.x.10                                   
Discovered open port 443/tcp on 52.x.x.35                                    
Discovered open port 443/tcp on 52.x.x.20                                    
Discovered open port 80/tcp on 143.x.x.2                                    
Discovered open port 443/tcp on 52.x.x.130                                   
Discovered open port 443/tcp on 143.x.29.69                                  
Discovered open port 80/tcp on 143.x.29.69

And when scanning the same with all the options gives no output

masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL .ips.txt -p80,443 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.
THREAD: xmit: starting thread #0

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:03:38 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
THREAD: recv: stopping thread #0waiting 0-secs, found=0       
THREAD: status: stopping thread waiting -1-secs, found=0

I tried with adding the --source-ip 192.168.1.200 but that also didn't work ( It was mentioned for banner grabbing here )

The same goes for scanning all 65535 ports with the above options or without it :

masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL ips.txt -p1-65535 --source-ip 192.168.1.200 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:23:40 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
THREAD: recv: stopping thread #0waiting 0-secs, found=0       
THREAD: status: stopping thread waiting -1-secs, found=0

However as I was putting up this issue, I tried this and this shows some promising results ( perhaps ) :

 masscan -iL ips.txt -p10-65500 --rate=100000

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:14:23 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [65491 ports/host]
Discovered open port 443/tcp on 143.x.x.2                                   
Discovered open port 443/tcp on 143.x.x.129                                 
Discovered open port 2000/tcp on 143.x.x.129                                
Discovered open port 443/tcp on 52.x.x.130                                   
Discovered open port 80/tcp on 143.x.x.106   
Discovered open port 8020/tcp on 143.x.x.129                                                               
Discovered open port 8008/tcp on 143.x.x.129                                
Discovered open port 443/tcp on 52.x.x.5                                     
Discovered open port 443/tcp on 52.x.x.35                                    
Discovered open port 443/tcp on 143.x.x.69                                  
Discovered open port 8010/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 52.x.x.130                                    
Discovered open port 443/tcp on 52.x.x.20                                    
Discovered open port 443/tcp on 143.x.x.106                                 
Discovered open port 5060/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 143.x.x.68                                   
Discovered open port 80/tcp on 143.x.x.2                                    
Discovered open port 80/tcp on 52.x.x.5                                      
Discovered open port 8020/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 143.x.x.129                                  
Discovered open port 80/tcp on 52.x.x.20                                     
Discovered open port 80/tcp on 52.x.x.35                                     
Discovered open port 80/tcp on 143.x.x.69                                   
Discovered open port 443/tcp on 143.x.x.68

And just to check whether masscan was actually giving the correct results, I checked with nmap for 3 weird ports ( which I doubted were open ) and it were open 😄 , thus verifying the masscan :

nmap -v -n -p8008,8010,8020 143.x.x.129

Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-19 10:49 IST
Initiating Ping Scan at 10:49
Scanning 143.x.x.129 [4 ports]
Completed Ping Scan at 10:49, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 10:49
Scanning 143.x.x.129 [3 ports]
Discovered open port 8008/tcp on 143.x.x.129
Discovered open port 8020/tcp on 143.x.x.129
Discovered open port 8010/tcp on 143.x.x.129
Completed SYN Stealth Scan at 10:49, 0.22s elapsed (3 total ports)
Nmap scan report for 143.x.x.129
Host is up (0.13s latency).
PORT     STATE SERVICE
8008/tcp open  http
8010/tcp open  xmpp
8020/tcp open  intu-ec-svcdisc

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
           Raw packets sent: 7 (284B) | Rcvd: 4 (160B)

I don't know the reason of "why this is happening ?"

But would surely want to know.

This issue started with a problem I was facing ( couldn't get any output ) and now I am left with a question "Why am I getting the results ?" 🤣

P.S. Perhaps this guy here is also facing the same issue #318 and here too issue #303

mzpqnxow · Jul 19, 2018

Sounds like a closed issue to me ;) Why? Probably a PEBKAC issue or perhaps pilot error...

…

On Thu, Jul 19, 2018 at 01:32 Aseem Shrey ***@***.***> wrote: Hi everyone, I am having a weird situation here. I don't get any results when masscan is used to scan all the 65535 ports however, if I scan specific ports I do get the output. What all have I tried - I have tried this <#220 (comment)> but in vain. - I have switched VPSes between AWS and Digital Ocean. - Tried it on *ubuntu 16.04* ( *AWS and digital ocean* ) - Tried it on *arch linux* ( *AWS and digital ocean* ) - Tried it on my local system *kali 2018.2* - Built it from the repo - Also installed it from repositories in kali - Tried fiddling with --rate and --wait parameter ( I thought maybe the packets receiving was taking long ) But as I am here, you all could guess nothing worked. Working Output for single port masscan -iL ips.txt -p80,443,22,25 Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:05:32 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 13 hosts [4 ports/host] Discovered open port 443/tcp on 143.x.x.68 Discovered open port 443/tcp on 143.x.x.129 Discovered open port 80/tcp on 143.x.x.125 Discovered open port 443/tcp on 143.x.x.10 Discovered open port 443/tcp on 143.x.x.104 Discovered open port 80/tcp on 52.x.x.130 Discovered open port 443/tcp on 52.x.x.5 Discovered open port 80/tcp on 143.x.x.129 Discovered open port 443/tcp on 143.x.x.106 Discovered open port 80/tcp on 143.x.x.106 Discovered open port 80/tcp on 143.x.x.104 Discovered open port 80/tcp on 52.x.x.20 Discovered open port 443/tcp on 14x.x.29.2 Discovered open port 80/tcp on 52.x.x.5 Discovered open port 80/tcp on 143.x.x.68 Discovered open port 443/tcp on 143.x.x.125 Discovered open port 80/tcp on 52.x.x.35 Discovered open port 80/tcp on 143.x.x.10 Discovered open port 443/tcp on 52.x.x.35 Discovered open port 443/tcp on 52.x.x.20 Discovered open port 80/tcp on 143.x.x.2 Discovered open port 443/tcp on 52.x.x.130 Discovered open port 443/tcp on 143.x.29.69 Discovered open port 80/tcp on 143.x.29.69 And when scanning the same with all the options gives no output masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL .ips.txt -p80,443 -dd -oG masscan-results pcap: found library: libpcap.so pcap: pcap_dev_name: failed pcap: pcap_dev_description: failed pcap: pcap_dev_next: failed pcap: pcap_sendqueue_alloc: failed pcap: pcap_sendqueue_transmit: failed pcap: pcap_sendqueue_destroy: failed pcap: pcap_sendqueue_queue: failed pfring: error: dlopen('libpfring.so'): No such file or directory initializing adapter pcap: libpcap version 1.8.1 pcap:'eth0': opening... pcap:'eth0': successfully opened adapter initialization done. THREAD: xmit: starting thread #0 Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:03:38 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 13 hosts [2 ports/host] THREAD: status: starting thread THREAD: recv: starting thread #0 0:00:00 remaining, found=0 THREAD: recv: starting main loop maxrate = 1000.00 THREAD: xmit done, waiting for receive thread to realize this THREAD: xmit: stopping thread #0waiting 0-secs, found=0 THREAD: recv: stopping thread #0waiting 0-secs, found=0 THREAD: status: stopping thread waiting -1-secs, found=0 I tried with adding the --source-ip 192.168.1.200 but that also didn't work ( It was mentioned for banner grabbing here <https://github.com/robertdavidgraham/masscan/blob/master/README.md#banner-checking> ) The same goes for scanning all *65535* ports with the above options or without it : masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL ips.txt -p1-65535 --source-ip 192.168.1.200 -dd -oG masscan-results pcap: found library: libpcap.so pcap: pcap_dev_name: failed pcap: pcap_dev_description: failed pcap: pcap_dev_next: failed pcap: pcap_sendqueue_alloc: failed pcap: pcap_sendqueue_transmit: failed pcap: pcap_sendqueue_destroy: failed pcap: pcap_sendqueue_queue: failed pfring: error: dlopen('libpfring.so'): No such file or directory initializing adapter pcap: libpcap version 1.8.1 pcap:'eth0': opening... pcap:'eth0': successfully opened adapter initialization done. Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:23:40 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 13 hosts [2 ports/host] THREAD: status: starting thread THREAD: recv: starting thread #0 0:00:00 remaining, found=0 THREAD: recv: starting main loop maxrate = 1000.00 THREAD: xmit done, waiting for receive thread to realize this THREAD: xmit: stopping thread #0waiting 0-secs, found=0 THREAD: recv: stopping thread #0waiting 0-secs, found=0 THREAD: status: stopping thread waiting -1-secs, found=0 However as I was putting up this issue, I tried this and this shows some promising results ( perhaps ) : masscan -iL ips.txt -p10-65500 --rate=100000 Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:14:23 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 13 hosts [65491 ports/host] Discovered open port 443/tcp on 143.x.x.2 Discovered open port 443/tcp on 143.x.x.129 Discovered open port 2000/tcp on 143.x.x.129 Discovered open port 443/tcp on 52.x.x.130 Discovered open port 80/tcp on 143.x.x.106 Discovered open port 8020/tcp on 143.x.x.129 Discovered open port 8008/tcp on 143.x.x.129 Discovered open port 443/tcp on 52.x.x.5 Discovered open port 443/tcp on 52.x.x.35 Discovered open port 443/tcp on 143.x.x.69 Discovered open port 8010/tcp on 143.x.x.129 Discovered open port 80/tcp on 52.x.x.130 Discovered open port 443/tcp on 52.x.x.20 Discovered open port 443/tcp on 143.x.x.106 Discovered open port 5060/tcp on 143.x.x.129 Discovered open port 80/tcp on 143.x.x.68 Discovered open port 80/tcp on 143.x.x.2 Discovered open port 80/tcp on 52.x.x.5 Discovered open port 8020/tcp on 143.x.x.129 Discovered open port 80/tcp on 143.x.x.129 Discovered open port 80/tcp on 52.x.x.20 Discovered open port 80/tcp on 52.x.x.35 Discovered open port 80/tcp on 143.x.x.69 Discovered open port 443/tcp on 143.x.x.68 And just to check whether masscan was actually giving the correct results, I checked with nmap for 3 weird ports ( which I doubted were open ) and it were open 😄 , thus verifying the masscan : nmap -v -n -p8008,8010,8020 143.x.x.129 Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-19 10:49 IST Initiating Ping Scan at 10:49 Scanning 143.x.x.129 [4 ports] Completed Ping Scan at 10:49, 0.22s elapsed (1 total hosts) Initiating SYN Stealth Scan at 10:49 Scanning 143.x.x.129 [3 ports] Discovered open port 8008/tcp on 143.x.x.129 Discovered open port 8020/tcp on 143.x.x.129 Discovered open port 8010/tcp on 143.x.x.129 Completed SYN Stealth Scan at 10:49, 0.22s elapsed (3 total ports) Nmap scan report for 143.x.x.129 Host is up (0.13s latency). PORT STATE SERVICE 8008/tcp open http 8010/tcp open xmpp 8020/tcp open intu-ec-svcdisc Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds Raw packets sent: 7 (284B) | Rcvd: 4 (160B) I don't know the reason of "why this is happening ?" But would surely want to know. This issue *started with a problem* I was facing ( *couldn't get any output* ) and now I am left with a question *"Why am I getting the results ?"* 🤣 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#365>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHpRZM2yF0O0rhpiyVjK1t2pHg3PCyRKks5uIBn3gaJpZM4VVxkQ> .

robertdavidgraham · Jul 23, 2018

I can't see what's wrong. You might check Wireshark. I suspect the cause is that the MAC address of the either the local adapter or of the router is in error, which will cause packets to be transmitted but go nowhere, or for packets not to be received.

notwhy · Oct 22, 2018

hello .
i also meet this weird question.
when i scan single port get many results, but few results for many ports
when i start scan single port
about 100+ results
`
masscan -p80,8080,443 60.247.11.1/24 --excludefile excludefile.txt --rate 10000 --retries 2 excludefile.txt: excluding 2 ranges from file

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-10-22 11:13:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 254 hosts [3 ports/host]
Discovered open port 80/tcp on 60.247.11.185
Discovered open port 8080/tcp on 60.247.11.164
Discovered open port 80/tcp on 60.247.11.221
Discovered open port 80/tcp on 60.247.11.226
Discovered open port 8080/tcp on 60.247.11.133
Discovered open port 80/tcp on 60.247.11.240
Discovered open port 80/tcp on 60.247.11.143
Discovered open port 80/tcp on 60.247.11.161
Discovered open port 80/tcp on 60.247.11.213
Discovered open port 80/tcp on 60.247.11.137
Discovered open port 8080/tcp on 60.247.11.199
Discovered open port 80/tcp on 60.247.11.186
Discovered open port 443/tcp on 60.247.11.197
Discovered open port 80/tcp on 60.247.11.156
Discovered open port 80/tcp on 60.247.11.132
Discovered open port 443/tcp on 60.247.11.166
Discovered open port 80/tcp on 60.247.11.139
Discovered open port 443/tcp on 60.247.11.195
Discovered open port 80/tcp on 60.247.11.229
Discovered open port 8080/tcp on 60.247.11.229
Discovered open port 80/tcp on 60.247.11.223
Discovered open port 80/tcp on 60.247.11.199
Discovered open port 80/tcp on 60.247.11.170
Discovered open port 80/tcp on 60.247.11.147
Discovered open port 80/tcp on 60.247.11.178
Discovered open port 80/tcp on 60.247.11.232
Discovered open port 443/tcp on 60.247.11.213
Discovered open port 80/tcp on 60.247.11.209
Discovered open port 80/tcp on 60.247.11.171
Discovered open port 80/tcp on 60.247.11.180
Discovered open port 80/tcp on 60.247.11.189
Discovered open port 80/tcp on 60.247.11.151
Discovered open port 80/tcp on 60.247.11.187
Discovered open port 80/tcp on 60.247.11.172
Discovered open port 8080/tcp on 60.247.11.158
Discovered open port 80/tcp on 60.247.11.145
Discovered open port 8080/tcp on 60.247.11.135
Discovered open port 443/tcp on 60.247.11.2
Discovered open port 80/tcp on 60.247.11.243
Discovered open port 80/tcp on 60.247.11.238
Discovered open port 443/tcp on 60.247.11.233
Discovered open port 80/tcp on 60.247.11.154
Discovered open port 80/tcp on 60.247.11.158
Discovered open port 80/tcp on 60.247.11.245
Discovered open port 80/tcp on 60.247.11.252
Discovered open port 80/tcp on 60.247.11.164
Discovered open port 80/tcp on 60.247.11.198
Discovered open port 80/tcp on 60.247.11.192
Discovered open port 80/tcp on 60.247.11.214
Discovered open port 80/tcp on 60.247.11.184
Discovered open port 80/tcp on 60.247.11.70
Discovered open port 80/tcp on 60.247.11.211
Discovered open port 80/tcp on 60.247.11.246
Discovered open port 8080/tcp on 60.247.11.203
Discovered open port 80/tcp on 60.247.11.169
Discovered open port 80/tcp on 60.247.11.230
Discovered open port 80/tcp on 60.247.11.190
Discovered open port 8080/tcp on 60.247.11.144
Discovered open port 80/tcp on 60.247.11.181
Discovered open port 80/tcp on 60.247.11.135
Discovered open port 443/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.173
Discovered open port 8080/tcp on 60.247.11.139
Discovered open port 80/tcp on 60.247.11.155
Discovered open port 80/tcp on 60.247.11.138
Discovered open port 80/tcp on 60.247.11.162
Discovered open port 80/tcp on 60.247.11.188
Discovered open port 80/tcp on 60.247.11.196
Discovered open port 80/tcp on 60.247.11.153
Discovered open port 80/tcp on 60.247.11.251
Discovered open port 80/tcp on 60.247.11.167
Discovered open port 8080/tcp on 60.247.11.211
Discovered open port 443/tcp on 60.247.11.179
Discovered open port 80/tcp on 60.247.11.175
Discovered open port 80/tcp on 60.247.11.195
Discovered open port 80/tcp on 60.247.11.157
Discovered open port 443/tcp on 60.247.11.214
Discovered open port 8080/tcp on 60.247.11.143
Discovered open port 80/tcp on 60.247.11.197
Discovered open port 443/tcp on 60.247.11.139
Discovered open port 443/tcp on 60.247.11.238
Discovered open port 80/tcp on 60.247.11.191
Discovered open port 80/tcp on 60.247.11.133
Discovered open port 443/tcp on 60.247.11.153
Discovered open port 80/tcp on 60.247.11.234
Discovered open port 80/tcp on 60.247.11.224
Discovered open port 443/tcp on 60.247.11.198
Discovered open port 80/tcp on 60.247.11.203
Discovered open port 80/tcp on 60.247.11.144
Discovered open port 443/tcp on 60.247.11.168
Discovered open port 80/tcp on 60.247.11.219
Discovered open port 8080/tcp on 60.247.11.197
Discovered open port 80/tcp on 60.247.11.160
Discovered open port 80/tcp on 60.247.11.248
Discovered open port 8080/tcp on 60.247.11.248
Discovered open port 80/tcp on 60.247.11.215
Discovered open port 8080/tcp on 60.247.11.200
Discovered open port 80/tcp on 60.247.11.200
Discovered open port 443/tcp on 60.247.11.199
Discovered open port 80/tcp on 60.247.11.152
Discovered open port 80/tcp on 60.247.11.233
Discovered open port 80/tcp on 60.247.11.225
Discovered open port 80/tcp on 60.247.11.212
Discovered open port 80/tcp on 60.247.11.149
Discovered open port 80/tcp on 60.247.11.174
Discovered open port 80/tcp on 60.247.11.244
Discovered open port 80/tcp on 60.247.11.247
Discovered open port 80/tcp on 60.247.11.140
Discovered open port 8080/tcp on 60.247.11.181
Discovered open port 80/tcp on 60.247.11.182
Discovered open port 80/tcp on 60.247.11.237
Discovered open port 80/tcp on 60.247.11.177
Discovered open port 80/tcp on 60.247.11.220
Discovered open port 8080/tcp on 60.247.11.140
Discovered open port 80/tcp on 60.247.11.249
Discovered open port 8080/tcp on 60.247.11.161
**Scan Multiple port** about 20+ results
masscan -p80,81,82,83,84,85,88,89,90,443,591,593,832,981,1010,1311,2082,2087,2095,2096,2480,3000,3128,3311,3312,3333,4243,4567,4711,4712,4848,4993,5000,5002,5080,5104,5108,5110,5112,5168,5170,5200,5220,5270,5300,5373,5600,5700,5800,6543,6600,6611,7000,7001,7002,7003,7396,7474,7778,8000,8001,8008,8010,8014,8042,8069,8080,8081,8082,8083,8088,8089,8090,8091,8118,8123,8172,8222,8243,8280,8281,8333,8443,8500,8834,8880,8888,8901,8903,8983,9000,9043,9060,9080,9081,9090,9091,9200,9300,9443,9800,9981,10000,12443,16080,18080,18091,18092,20720,24224,28017,28903 60.247.11.1/24 --excludefile excludefile.txt --rate 1000 --retries 2
excludefile.txt: excluding 2 ranges from file

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-10-22 11:16:15 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 254 hosts [112 ports/host]
Discovered open port 8080/tcp on 60.247.11.199
Discovered open port 8080/tcp on 60.247.11.229
Discovered open port 7001/tcp on 60.247.11.243
Discovered open port 8888/tcp on 60.247.11.95
Discovered open port 83/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.212
Discovered open port 80/tcp on 60.247.11.143
Discovered open port 80/tcp on 60.247.11.164
Discovered open port 8090/tcp on 60.247.11.242
Discovered open port 7001/tcp on 60.247.11.186
Discovered open port 8080/tcp on 60.247.11.181
Discovered open port 80/tcp on 60.247.11.172
Discovered open port 80/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.137
Discovered open port 8080/tcp on 60.247.11.200
Discovered open port 80/tcp on 60.247.11.244
Discovered open port 7001/tcp on 60.247.11.246
Discovered open port 80/tcp on 60.247.11.243
Discovered open port 80/tcp on 60.247.11.195
Discovered open port 8080/tcp on 60.247.11.211
Discovered open port 80/tcp on 60.247.11.198
Discovered open port 7001/tcp on 60.247.11.132
Discovered open port 80/tcp on 60.247.11.180
Discovered open port 80/tcp on 60.247.11.178
Discovered open port 80/tcp on 60.247.11.226
Discovered open port 8080/tcp on 60.247.11.144
Discovered open port 80/tcp on 60.247.11.185
Discovered open port 80/tcp on 60.247.11.70
Discovered open port 84/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.164
Discovered open port 80/tcp on 60.247.11.197
Discovered open port 80/tcp on 60.247.11.174
`
when scan 65535 ports
i get even few less then ten results than the top scan (-p80,81,82,83,84,85,88,89,90,443,591,593,83)

masscan -p1-65535 60.247.11.1/24 --excludefile excludefile.txt --rate 10000 --retries 2 
excludefile.txt: excluding 2 ranges from file

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-10-22 11:30:31 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 254 hosts [65535 ports/host]
Discovered open port 443/tcp on 60.247.11.233

i want to know why this happen .
I have checked the the MAC address local adapter and router they all seems correct

ravenium · Jul 3, 2019

Bumping this up with some results in AWS. It might be an issue with AWS (and other providers) 1:1 NAT usage. For example (10k pps rate):

-Scan single IP (modified to respond on all ports via iptables). Get back most ports.
-Scan "internal" subnet in AWS (aka within the VPC, RFC1918's). Results come back as expected.
-Scan a /24 we control outside of AWS: Sometimes nothing comes back at all, or 1-2 ports. Expected port count should be about 50-60 open TCP ports over about 30 hosts in the /24.

This was referenced Jul 19, 2018

Masscan not working against metasploitable image #318

Open

masscan not working on a windows host but nmap works, why?? #303

Open

robertdavidgraham closed this Jul 23, 2018

notwhy referenced this issue Oct 23, 2018

The result is reduced when whole range of port scans #382

Open

robertdavidgraham/masscan

No results when whole range of port scans and rate is low #365

No results when whole range of port scans and rate is low #365

LuD1161 commented Jul 19, 2018 •

edited

This comment has been minimized.

mzpqnxow commented Jul 19, 2018

This comment has been minimized.

robertdavidgraham commented Jul 23, 2018

robertdavidgraham closed this Jul 23, 2018

This comment has been minimized.

notwhy commented Oct 22, 2018

This comment has been minimized.

ravenium commented Jul 3, 2019

robertdavidgraham/masscan

Join GitHub today

No results when whole range of port scans and rate is low #365

Comments

LuD1161 commented Jul 19, 2018 • edited

What all have I tried

Working Output for single port

And when scanning the same with all the options gives no output

The same goes for scanning all 65535 ports with the above options or without it :

However as I was putting up this issue, I tried this and this shows some promising results ( perhaps ) :

I don't know the reason of "why this is happening ?"

This comment has been minimized.

mzpqnxow commented Jul 19, 2018

This comment has been minimized.

robertdavidgraham commented Jul 23, 2018

robertdavidgraham closed this Jul 23, 2018

This comment has been minimized.

notwhy commented Oct 22, 2018

This comment has been minimized.

ravenium commented Jul 3, 2019

LuD1161 commented Jul 19, 2018 •

edited