I am trying to scan TCP port 8092 of a host using nmap 7.60. When I execute nmap without root privileges it says that the port is filtered, but if I try to scan it with sudo it tells me that the port is actually open. Also without root privileges nmap is telling me that the host is down, but it is actually replying to ICMP requests.
Host is down:
$ nmap -vv -n -p 8092 10.88.153.90
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-06 11:59 CET
Initiating Ping Scan at 11:59
Scanning 10.88.153.90 [2 ports]
Completed Ping Scan at 11:59, 3.00s elapsed (1 total hosts)
Nmap scan report for 10.88.153.90 [host down, received no-response]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
Host is up, but TCP port 8092 is blocked:
$ nmap -vv -n -p 8092 10.88.153.90 -Pn
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-06 12:00 CET
Initiating Connect Scan at 12:00
Scanning 10.88.153.90 [1 port]
Completed Connect Scan at 12:00, 2.00s elapsed (1 total ports)
Nmap scan report for 10.88.153.90
Host is up, received user-set.
Scanned at 2019-03-06 12:00:04 CET for 2s
PORT STATE SERVICE REASON
8092/tcp filtered unknown no-response
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
With sudo: Host is up and Port 8092 is open:
(which isn't completely true, because I am unable to retrieve any files over this port.)
$ sudo nmap -vv -n -p 8092 10.88.153.90
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-06 12:00 CET
Initiating Ping Scan at 12:00
Scanning 10.88.153.90 [4 ports]
Completed Ping Scan at 12:00, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 12:00
Scanning 10.88.153.90 [1 port]
Discovered open port 8092/tcp on 10.88.153.90
Completed SYN Stealth Scan at 12:00, 0.23s elapsed (1 total ports)
Nmap scan report for 10.88.153.90
Host is up, received echo-reply ttl 64 (0.00025s latency).
Scanned at 2019-03-06 12:00:13 CET for 1s
PORT STATE SERVICE REASON
8092/tcp open unknown syn-ack ttl 64
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
Raw packets sent: 6 (240B) | Rcvd: 13 (516B)
At the same time, I have a stable ping to this host:
$ ping 10.88.153.90 -c 4
PING 10.88.153.90 (10.88.153.90) 56(84) bytes of data.
64 bytes from 10.88.153.90: icmp_seq=1 ttl=64 time=0.242 ms
64 bytes from 10.88.153.90: icmp_seq=2 ttl=64 time=0.162 ms
64 bytes from 10.88.153.90: icmp_seq=3 ttl=64 time=0.169 ms
64 bytes from 10.88.153.90: icmp_seq=4 ttl=64 time=0.152 ms
--- 10.88.153.90 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 77ms
rtt min/avg/max/mdev = 0.152/0.181/0.242/0.036 ms
Both the server from where I am executing those commands and the 10.88.153.90 are behind a firewall but they should be able to see each other and all the ports beeing exposed, but apparently, this isn't the case.
This is from within 10.88.153.90:
$ netstat -tulnp | grep 8092
tcp 0 0 0.0.0.0:8092 0.0.0.0:* LISTEN 194735/nginx: maste
I have exactly the same situation with port 22 and I am able to connect to 10.88.153.90 using another private IP from a different network configured to another port of the device, but when I try to connect to 10.88.153.90 I got connection timeout:
$ ssh -vvv root@10.88.153.90
OpenSSH_7.7p1 Ubuntu-4ubuntu0.2, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/ubuntu/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_canonicalize: hostname 10.88.153.90 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.88.153.90 [10.88.153.90] port 22.
debug1: connect to address 10.88.153.90 port 22: Connection timed out
ssh: connect to host 10.88.153.90 port 22: Connection timed out
My question is: Why does the host/port appear to be up/open, but I still can't connect to it?
