No results when whole range of port scans and rate is low #365

Closed
LuD1161 opened this issue Jul 19, 2018 · 4 comments

@LuD1161 commented Jul 19, 2018

Hi everyone,

I am having a weird situation here.

I don't get any results when masscan is used to scan all 65535 ports; however, if I scan specific ports I do get the output.

What all have I tried

  • I have tried this but in vain.
  • I have switched VPSes between AWS and Digital Ocean.
  • Tried it on Ubuntu 16.04 ( AWS and Digital Ocean )
  • Tried it on Arch Linux ( AWS and Digital Ocean )
  • Tried it on my local system, Kali 2018.2
  • Built it from the repo
  • Also installed it from repositories in kali
  • Tried fiddling with --rate and --wait parameter ( I thought maybe the packets receiving was taking long )

But as I am here, you all could guess nothing worked.

Working Output for single port

masscan -iL ips.txt -p80,443,22,25

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:05:32 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [4 ports/host]
Discovered open port 443/tcp on 143.x.x.68                                  
Discovered open port 443/tcp on 143.x.x.129                                 
Discovered open port 80/tcp on 143.x.x.125                                  
Discovered open port 443/tcp on 143.x.x.10                                  
Discovered open port 443/tcp on 143.x.x.104                                 
Discovered open port 80/tcp on 52.x.x.130                                    
Discovered open port 443/tcp on 52.x.x.5                                     
Discovered open port 80/tcp on 143.x.x.129                                  
Discovered open port 443/tcp on 143.x.x.106                                 
Discovered open port 80/tcp on 143.x.x.106                                  
Discovered open port 80/tcp on 143.x.x.104                                  
Discovered open port 80/tcp on 52.x.x.20                                     
Discovered open port 443/tcp on 14x.x.29.2                                   
Discovered open port 80/tcp on 52.x.x.5                                      
Discovered open port 80/tcp on 143.x.x.68                                   
Discovered open port 443/tcp on 143.x.x.125                                 
Discovered open port 80/tcp on 52.x.x.35                                     
Discovered open port 80/tcp on 143.x.x.10                                   
Discovered open port 443/tcp on 52.x.x.35                                    
Discovered open port 443/tcp on 52.x.x.20                                    
Discovered open port 80/tcp on 143.x.x.2                                    
Discovered open port 443/tcp on 52.x.x.130                                   
Discovered open port 443/tcp on 143.x.29.69                                  
Discovered open port 80/tcp on 143.x.29.69   

And scanning the same with all the options gives no output

masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL .ips.txt -p80,443 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.
THREAD: xmit: starting thread #0

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:03:38 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
THREAD: recv: stopping thread #0waiting 0-secs, found=0       
THREAD: status: stopping thread waiting -1-secs, found=0    

I tried with adding the --source-ip 192.168.1.200 but that also didn't work ( It was mentioned for banner grabbing here )

The same goes for scanning all 65535 ports with the above options or without it :

masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL ips.txt -p1-65535 --source-ip 192.168.1.200 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:23:40 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
THREAD: recv: stopping thread #0waiting 0-secs, found=0       
THREAD: status: stopping thread waiting -1-secs, found=0      

However as I was putting up this issue, I tried this and this shows some promising results ( perhaps ) :

 masscan -iL ips.txt -p10-65500 --rate=100000

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:14:23 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [65491 ports/host]
Discovered open port 443/tcp on 143.x.x.2                                   
Discovered open port 443/tcp on 143.x.x.129                                 
Discovered open port 2000/tcp on 143.x.x.129                                
Discovered open port 443/tcp on 52.x.x.130                                   
Discovered open port 80/tcp on 143.x.x.106   
Discovered open port 8020/tcp on 143.x.x.129                                                               
Discovered open port 8008/tcp on 143.x.x.129                                
Discovered open port 443/tcp on 52.x.x.5                                     
Discovered open port 443/tcp on 52.x.x.35                                    
Discovered open port 443/tcp on 143.x.x.69                                  
Discovered open port 8010/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 52.x.x.130                                    
Discovered open port 443/tcp on 52.x.x.20                                    
Discovered open port 443/tcp on 143.x.x.106                                 
Discovered open port 5060/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 143.x.x.68                                   
Discovered open port 80/tcp on 143.x.x.2                                    
Discovered open port 80/tcp on 52.x.x.5                                      
Discovered open port 8020/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 143.x.x.129                                  
Discovered open port 80/tcp on 52.x.x.20                                     
Discovered open port 80/tcp on 52.x.x.35                                     
Discovered open port 80/tcp on 143.x.x.69                                   
Discovered open port 443/tcp on 143.x.x.68                                  

And just to check whether masscan was actually giving the correct results, I checked with nmap for 3 weird ports ( which I doubted were open ) and they were open 😄 , thus verifying the masscan results :

nmap -v -n -p8008,8010,8020 143.x.x.129

Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-19 10:49 IST
Initiating Ping Scan at 10:49
Scanning 143.x.x.129 [4 ports]
Completed Ping Scan at 10:49, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 10:49
Scanning 143.x.x.129 [3 ports]
Discovered open port 8008/tcp on 143.x.x.129
Discovered open port 8020/tcp on 143.x.x.129
Discovered open port 8010/tcp on 143.x.x.129
Completed SYN Stealth Scan at 10:49, 0.22s elapsed (3 total ports)
Nmap scan report for 143.x.x.129
Host is up (0.13s latency).
PORT     STATE SERVICE
8008/tcp open  http
8010/tcp open  xmpp
8020/tcp open  intu-ec-svcdisc

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
           Raw packets sent: 7 (284B) | Rcvd: 4 (160B)

I don't know the reason why this is happening.

But would surely want to know.

This issue started with a problem I was facing ( couldn't get any output ) and now I am left with a question "Why am I getting the results ?" 🤣

P.S. Perhaps this guy here is also facing the same issue #318 and here too issue #303

@mzpqnxow (Contributor) commented Jul 19, 2018

@robertdavidgraham (Owner) commented Jul 23, 2018

I can't see what's wrong. You might check Wireshark. I suspect the cause is that the MAC address of either the local adapter or of the router is in error, which will cause packets to be transmitted but go nowhere, or for packets not to be received.
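
The MAC check suggested in this comment can also be done without a packet capture, by comparing the values passed to masscan with what the Linux kernel has resolved for the default gateway. This is an added example, not part of the original thread or of masscan: the function names, the gateway address 192.0.2.1 and the sample /proc text are constructed, while the two MAC values are the ones from the command line in the first post.

```python
import socket
import struct

# Constructed samples in the layout of Linux /proc/net/route and /proc/net/arp.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t010200C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "eth0\t000200C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
)
SAMPLE_ARP = (
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.0.2.1        0x1         0x2         00:00:5e:00:11:3e     *        eth0\n"
)

def default_gateway(route_text, iface):
    """Return the IPv4 default gateway for iface, or None if there is none."""
    for line in route_text.splitlines()[1:]:
        f = line.split()
        if len(f) < 4 or f[0] != iface:
            continue
        # Default route: destination 0.0.0.0 with RTF_GATEWAY (0x2) set.
        if f[1] == "00000000" and int(f[3], 16) & 0x2:
            # The hex field is the address as a little-endian integer
            # (assumption: little-endian host such as x86 or ARM).
            return socket.inet_ntoa(struct.pack("<L", int(f[2], 16)))
    return None

def neighbor_mac(arp_text, ip, iface):
    """Return the resolved MAC for ip on iface; incomplete entries are ignored."""
    for line in arp_text.splitlines()[1:]:
        f = line.split()
        # Flags bit 0x2 (ATF_COM) marks a completed ARP resolution.
        if len(f) >= 6 and f[0] == ip and f[5] == iface and int(f[2], 16) & 0x2:
            return f[3].lower()
    return None

def check_masscan_macs(adapter_mac, router_mac, iface, iface_mac, route_text, arp_text):
    """List mismatches between masscan's MAC options and the kernel's view."""
    problems = []
    if adapter_mac.lower() != iface_mac.lower():
        problems.append(f"--adapter-mac {adapter_mac} != {iface} address {iface_mac}")
    gw = default_gateway(route_text, iface)
    if gw is None:
        problems.append(f"no default route via {iface}")
        return problems
    seen = neighbor_mac(arp_text, gw, iface)
    if seen is None:
        problems.append(f"gateway {gw} has no complete ARP entry on {iface}")
    elif seen != router_mac.lower():
        problems.append(f"--router-mac {router_mac} != gateway {gw} MAC {seen}")
    return problems

if __name__ == "__main__":
    # On a live host, pass the contents of /proc/net/route, /proc/net/arp and
    # /sys/class/net/<iface>/address instead of the constructed samples.
    print(check_masscan_macs("a6:b6:dc:2d:9b:d8", "00:00:5e:00:11:3e", "eth0",
                             "a6:b6:dc:2d:9b:d8", SAMPLE_ROUTE, SAMPLE_ARP))
```

An empty list means both options agree with the kernel; a missing or incomplete ARP entry is reported separately because in that case there is nothing to compare `--router-mac` against.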

@notwhy commented Oct 22, 2018

Hello.
I also met this weird question.
When I scan a single port I get many results, but few results for many ports.
When I start scanning a single port: about 100+ results

masscan -p80,8080,443 60.247.11.1/24 --excludefile excludefile.txt --rate 10000 --retries 2
excludefile.txt: excluding 2 ranges from file

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-10-22 11:13:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 254 hosts [3 ports/host]
Discovered open port 80/tcp on 60.247.11.185
Discovered open port 8080/tcp on 60.247.11.164
Discovered open port 80/tcp on 60.247.11.221
Discovered open port 80/tcp on 60.247.11.226
Discovered open port 8080/tcp on 60.247.11.133
Discovered open port 80/tcp on 60.247.11.240
Discovered open port 80/tcp on 60.247.11.143
Discovered open port 80/tcp on 60.247.11.161
Discovered open port 80/tcp on 60.247.11.213
Discovered open port 80/tcp on 60.247.11.137
Discovered open port 8080/tcp on 60.247.11.199
Discovered open port 80/tcp on 60.247.11.186
Discovered open port 443/tcp on 60.247.11.197
Discovered open port 80/tcp on 60.247.11.156
Discovered open port 80/tcp on 60.247.11.132
Discovered open port 443/tcp on 60.247.11.166
Discovered open port 80/tcp on 60.247.11.139
Discovered open port 443/tcp on 60.247.11.195
Discovered open port 80/tcp on 60.247.11.229
Discovered open port 8080/tcp on 60.247.11.229
Discovered open port 80/tcp on 60.247.11.223
Discovered open port 80/tcp on 60.247.11.199
Discovered open port 80/tcp on 60.247.11.170
Discovered open port 80/tcp on 60.247.11.147
Discovered open port 80/tcp on 60.247.11.178
Discovered open port 80/tcp on 60.247.11.232
Discovered open port 443/tcp on 60.247.11.213
Discovered open port 80/tcp on 60.247.11.209
Discovered open port 80/tcp on 60.247.11.171
Discovered open port 80/tcp on 60.247.11.180
Discovered open port 80/tcp on 60.247.11.189
Discovered open port 80/tcp on 60.247.11.151
Discovered open port 80/tcp on 60.247.11.187
Discovered open port 80/tcp on 60.247.11.172
Discovered open port 8080/tcp on 60.247.11.158
Discovered open port 80/tcp on 60.247.11.145
Discovered open port 8080/tcp on 60.247.11.135
Discovered open port 443/tcp on 60.247.11.2
Discovered open port 80/tcp on 60.247.11.243
Discovered open port 80/tcp on 60.247.11.238
Discovered open port 443/tcp on 60.247.11.233
Discovered open port 80/tcp on 60.247.11.154
Discovered open port 80/tcp on 60.247.11.158
Discovered open port 80/tcp on 60.247.11.245
Discovered open port 80/tcp on 60.247.11.252
Discovered open port 80/tcp on 60.247.11.164
Discovered open port 80/tcp on 60.247.11.198
Discovered open port 80/tcp on 60.247.11.192
Discovered open port 80/tcp on 60.247.11.214
Discovered open port 80/tcp on 60.247.11.184
Discovered open port 80/tcp on 60.247.11.70
Discovered open port 80/tcp on 60.247.11.211
Discovered open port 80/tcp on 60.247.11.246
Discovered open port 8080/tcp on 60.247.11.203
Discovered open port 80/tcp on 60.247.11.169
Discovered open port 80/tcp on 60.247.11.230
Discovered open port 80/tcp on 60.247.11.190
Discovered open port 8080/tcp on 60.247.11.144
Discovered open port 80/tcp on 60.247.11.181
Discovered open port 80/tcp on 60.247.11.135
Discovered open port 443/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.173
Discovered open port 8080/tcp on 60.247.11.139
Discovered open port 80/tcp on 60.247.11.155
Discovered open port 80/tcp on 60.247.11.138
Discovered open port 80/tcp on 60.247.11.162
Discovered open port 80/tcp on 60.247.11.188
Discovered open port 80/tcp on 60.247.11.196
Discovered open port 80/tcp on 60.247.11.153
Discovered open port 80/tcp on 60.247.11.251
Discovered open port 80/tcp on 60.247.11.167
Discovered open port 8080/tcp on 60.247.11.211
Discovered open port 443/tcp on 60.247.11.179
Discovered open port 80/tcp on 60.247.11.175
Discovered open port 80/tcp on 60.247.11.195
Discovered open port 80/tcp on 60.247.11.157
Discovered open port 443/tcp on 60.247.11.214
Discovered open port 8080/tcp on 60.247.11.143
Discovered open port 80/tcp on 60.247.11.197
Discovered open port 443/tcp on 60.247.11.139
Discovered open port 443/tcp on 60.247.11.238
Discovered open port 80/tcp on 60.247.11.191
Discovered open port 80/tcp on 60.247.11.133
Discovered open port 443/tcp on 60.247.11.153
Discovered open port 80/tcp on 60.247.11.234
Discovered open port 80/tcp on 60.247.11.224
Discovered open port 443/tcp on 60.247.11.198
Discovered open port 80/tcp on 60.247.11.203
Discovered open port 80/tcp on 60.247.11.144
Discovered open port 443/tcp on 60.247.11.168
Discovered open port 80/tcp on 60.247.11.219
Discovered open port 8080/tcp on 60.247.11.197
Discovered open port 80/tcp on 60.247.11.160
Discovered open port 80/tcp on 60.247.11.248
Discovered open port 8080/tcp on 60.247.11.248
Discovered open port 80/tcp on 60.247.11.215
Discovered open port 8080/tcp on 60.247.11.200
Discovered open port 80/tcp on 60.247.11.200
Discovered open port 443/tcp on 60.247.11.199
Discovered open port 80/tcp on 60.247.11.152
Discovered open port 80/tcp on 60.247.11.233
Discovered open port 80/tcp on 60.247.11.225
Discovered open port 80/tcp on 60.247.11.212
Discovered open port 80/tcp on 60.247.11.149
Discovered open port 80/tcp on 60.247.11.174
Discovered open port 80/tcp on 60.247.11.244
Discovered open port 80/tcp on 60.247.11.247
Discovered open port 80/tcp on 60.247.11.140
Discovered open port 8080/tcp on 60.247.11.181
Discovered open port 80/tcp on 60.247.11.182
Discovered open port 80/tcp on 60.247.11.237
Discovered open port 80/tcp on 60.247.11.177
Discovered open port 80/tcp on 60.247.11.220
Discovered open port 8080/tcp on 60.247.11.140
Discovered open port 80/tcp on 60.247.11.249
Discovered open port 8080/tcp on 60.247.11.161

Scan multiple ports: about 20+ results

masscan -p80,81,82,83,84,85,88,89,90,443,591,593,832,981,1010,1311,2082,2087,2095,2096,2480,3000,3128,3311,3312,3333,4243,4567,4711,4712,4848,4993,5000,5002,5080,5104,5108,5110,5112,5168,5170,5200,5220,5270,5300,5373,5600,5700,5800,6543,6600,6611,7000,7001,7002,7003,7396,7474,7778,8000,8001,8008,8010,8014,8042,8069,8080,8081,8082,8083,8088,8089,8090,8091,8118,8123,8172,8222,8243,8280,8281,8333,8443,8500,8834,8880,8888,8901,8903,8983,9000,9043,9060,9080,9081,9090,9091,9200,9300,9443,9800,9981,10000,12443,16080,18080,18091,18092,20720,24224,28017,28903 60.247.11.1/24 --excludefile excludefile.txt --rate 1000 --retries 2
excludefile.txt: excluding 2 ranges from file

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-10-22 11:16:15 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 254 hosts [112 ports/host]
Discovered open port 8080/tcp on 60.247.11.199
Discovered open port 8080/tcp on 60.247.11.229
Discovered open port 7001/tcp on 60.247.11.243
Discovered open port 8888/tcp on 60.247.11.95
Discovered open port 83/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.212
Discovered open port 80/tcp on 60.247.11.143
Discovered open port 80/tcp on 60.247.11.164
Discovered open port 8090/tcp on 60.247.11.242
Discovered open port 7001/tcp on 60.247.11.186
Discovered open port 8080/tcp on 60.247.11.181
Discovered open port 80/tcp on 60.247.11.172
Discovered open port 80/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.137
Discovered open port 8080/tcp on 60.247.11.200
Discovered open port 80/tcp on 60.247.11.244
Discovered open port 7001/tcp on 60.247.11.246
Discovered open port 80/tcp on 60.247.11.243
Discovered open port 80/tcp on 60.247.11.195
Discovered open port 8080/tcp on 60.247.11.211
Discovered open port 80/tcp on 60.247.11.198
Discovered open port 7001/tcp on 60.247.11.132
Discovered open port 80/tcp on 60.247.11.180
Discovered open port 80/tcp on 60.247.11.178
Discovered open port 80/tcp on 60.247.11.226
Discovered open port 8080/tcp on 60.247.11.144
Discovered open port 80/tcp on 60.247.11.185
Discovered open port 80/tcp on 60.247.11.70
Discovered open port 84/tcp on 60.247.11.157
Discovered open port 80/tcp on 60.247.11.164
Discovered open port 80/tcp on 60.247.11.197
Discovered open port 80/tcp on 60.247.11.174

When I scan 65535 ports, I get even fewer results, less than ten, than the scan above (-p80,81,82,83,84,85,88,89,90,443,591,593,83)

masscan -p1-65535 60.247.11.1/24 --excludefile excludefile.txt --rate 10000 --retries 2 
excludefile.txt: excluding 2 ranges from file

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-10-22 11:30:31 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 254 hosts [65535 ports/host]
Discovered open port 443/tcp on 60.247.11.233                             

I want to know why this happens.
I have checked the MAC addresses of the local adapter and router; they all seem correct.

@ravenium commented Jul 3, 2019

Bumping this up with some results in AWS. It might be an issue with AWS (and other providers) 1:1 NAT usage. For example (10k pps rate):

-Scan single IP (modified to respond on all ports via iptables). Get back most ports.
-Scan "internal" subnet in AWS (aka within the VPC, RFC1918's). Results come back as expected.
-Scan a /24 we control outside of AWS: Sometimes nothing comes back at all, or 1-2 ports. Expected port count should be about 50-60 open TCP ports over about 30 hosts in the /24.
