No results when whole range of port scans and rate is low #365

Closed
@LuD1161

Hi everyone,

I am having a weird situation here.

I don't get any results when masscan is used to scan all the 65535 ports; however, if I scan specific ports, I do get the output.

What I have tried

  • I have tried this but in vain.
  • I have switched VPSes between AWS and DigitalOcean.
  • Tried it on Ubuntu 16.04 (AWS and DigitalOcean)
  • Tried it on Arch Linux (AWS and DigitalOcean)
  • Tried it on my local system, Kali 2018.2
  • Built it from the repo
  • Also installed it from repositories in Kali
  • Tried fiddling with the --rate and --wait parameters (I thought maybe receiving the packets was taking long)

But as I am here, you can all guess that nothing worked.

Working Output for single port

masscan -iL ips.txt -p80,443,22,25

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:05:32 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [4 ports/host]
Discovered open port 443/tcp on 143.x.x.68                                  
Discovered open port 443/tcp on 143.x.x.129                                 
Discovered open port 80/tcp on 143.x.x.125                                  
Discovered open port 443/tcp on 143.x.x.10                                  
Discovered open port 443/tcp on 143.x.x.104                                 
Discovered open port 80/tcp on 52.x.x.130                                    
Discovered open port 443/tcp on 52.x.x.5                                     
Discovered open port 80/tcp on 143.x.x.129                                  
Discovered open port 443/tcp on 143.x.x.106                                 
Discovered open port 80/tcp on 143.x.x.106                                  
Discovered open port 80/tcp on 143.x.x.104                                  
Discovered open port 80/tcp on 52.x.x.20                                     
Discovered open port 443/tcp on 14x.x.29.2                                   
Discovered open port 80/tcp on 52.x.x.5                                      
Discovered open port 80/tcp on 143.x.x.68                                   
Discovered open port 443/tcp on 143.x.x.125                                 
Discovered open port 80/tcp on 52.x.x.35                                     
Discovered open port 80/tcp on 143.x.x.10                                   
Discovered open port 443/tcp on 52.x.x.35                                    
Discovered open port 443/tcp on 52.x.x.20                                    
Discovered open port 80/tcp on 143.x.x.2                                    
Discovered open port 443/tcp on 52.x.x.130                                   
Discovered open port 443/tcp on 143.x.29.69                                  
Discovered open port 80/tcp on 143.x.29.69   

And scanning the same with all the options gives no output:

masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL .ips.txt -p80,443 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.
THREAD: xmit: starting thread #0

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:03:38 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
THREAD: recv: stopping thread #0waiting 0-secs, found=0       
THREAD: status: stopping thread waiting -1-secs, found=0    

I tried adding --source-ip 192.168.1.200, but that also didn't work (it was mentioned for banner grabbing here).

The same goes for scanning all 65535 ports, with the above options or without them:

masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL ips.txt -p1-65535 --source-ip 192.168.1.200 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:23:40 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
THREAD: recv: stopping thread #0waiting 0-secs, found=0       
THREAD: status: stopping thread waiting -1-secs, found=0      

However, as I was putting up this issue, I tried this, and it shows some promising results (perhaps):

masscan -iL ips.txt -p10-65500 --rate=100000

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:14:23 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [65491 ports/host]
Discovered open port 443/tcp on 143.x.x.2                                   
Discovered open port 443/tcp on 143.x.x.129                                 
Discovered open port 2000/tcp on 143.x.x.129                                
Discovered open port 443/tcp on 52.x.x.130                                   
Discovered open port 80/tcp on 143.x.x.106   
Discovered open port 8020/tcp on 143.x.x.129                                                               
Discovered open port 8008/tcp on 143.x.x.129                                
Discovered open port 443/tcp on 52.x.x.5                                     
Discovered open port 443/tcp on 52.x.x.35                                    
Discovered open port 443/tcp on 143.x.x.69                                  
Discovered open port 8010/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 52.x.x.130                                    
Discovered open port 443/tcp on 52.x.x.20                                    
Discovered open port 443/tcp on 143.x.x.106                                 
Discovered open port 5060/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 143.x.x.68                                   
Discovered open port 80/tcp on 143.x.x.2                                    
Discovered open port 80/tcp on 52.x.x.5                                      
Discovered open port 8020/tcp on 143.x.x.129                                
Discovered open port 80/tcp on 143.x.x.129                                  
Discovered open port 80/tcp on 52.x.x.20                                     
Discovered open port 80/tcp on 52.x.x.35                                     
Discovered open port 80/tcp on 143.x.x.69                                   
Discovered open port 443/tcp on 143.x.x.68                                  

And just to check whether masscan was actually giving the correct results, I checked with nmap for 3 weird ports (which I doubted were open) and they were open 😄, thus verifying masscan:

nmap -v -n -p8008,8010,8020 143.x.x.129

Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-19 10:49 IST
Initiating Ping Scan at 10:49
Scanning 143.x.x.129 [4 ports]
Completed Ping Scan at 10:49, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 10:49
Scanning 143.x.x.129 [3 ports]
Discovered open port 8008/tcp on 143.x.x.129
Discovered open port 8020/tcp on 143.x.x.129
Discovered open port 8010/tcp on 143.x.x.129
Completed SYN Stealth Scan at 10:49, 0.22s elapsed (3 total ports)
Nmap scan report for 143.x.x.129
Host is up (0.13s latency).
PORT     STATE SERVICE
8008/tcp open  http
8010/tcp open  xmpp
8020/tcp open  intu-ec-svcdisc

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
           Raw packets sent: 7 (284B) | Rcvd: 4 (160B)

I don't know the reason why this is happening.

But I would surely like to know.

This issue started with a problem I was facing (couldn't get any output) and now I am left with a question: "Why am I getting the results?" 🤣

P.S. Perhaps this guy here is also facing the same issue (#318), and here too (issue #303).
