I'm running a basic scan using nmap from 1) a VM of Kali Linux running on personal machine
Question
I'm running a basic scan using nmap from
1) a VM of Kali Linux running on personal machine
2) an instance of Amazon Linux, running on Amazon's EC2 cloud
These two runs (against any target) are producing vastly different results, with the personal Kali run always producing many more, and more detailed, results (more IPs found, more ports on each IP). Does anyone have any explanation for this? I think that something in the cloud setup is affecting the scan. I have also tried running the scan from Kali in the cloud and nothing changed, so it isn't Kali vs non-Kali that is affecting the results. My security group for my EC2 instance is configured to allow all inbound and outbound traffic. My instance is running in a VPC, not classic, and I don't know if possibly there is a NAT or something intercepting the traffic, but I don't think so. Also, I have received permission from Amazon and all targets of my scans to conduct this testing. Any input is appreciated. Thanks.
Explanation / Answer
There are a number of differences between your EC2 scan and your Kali scan:
1. Most significantly, your Kali scan is performing a SYN scan (start to open a connection, listen for an "ACK" packet, then abandon it), while your EC2 scan is performing a Connect scan (fully open a TCP connection, then shut it down cleanly). Try a Kali scan in Connect mode (nmap -sT) to see if the results change.
2. Your EC2 scan is using version 5.51 while your Kali scan is using version 6.47. This shouldn't make a difference for a simple "open ports" scan, but the older version won't have the same software and OS version detection that the newer one does.
3. Your Kali scan shows dropped probes, meaning there's traffic congestion or a firewall between you and scanme.nmap.org. This shouldn't be causing false "open" results, though it can cause false "filtered" results.
My suspicion is that something is going wrong with your Kali scans, since my results for scanme.nmap.org are identical to your EC2 results.
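One practical way to pin down where two such runs diverge, as an added example that is not part of the original question or answer: save each scan with nmap's -oX option and diff the per-host, per-port states, along with the scan type and nmap version recorded in the XML. The two XML documents below are constructed sample data in nmap's -oX format (documentation addresses, illustrative version numbers), not real scan output.

```python
"""Diff two nmap -oX reports (e.g. a SYN scan from one host and a connect
scan of the same target from another) and show where they disagree.

Added example, not code from the original post. Both XML blobs are
constructed sample data, not captured scan results."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed: roughly what "nmap -sS -oX - 192.0.2.10 192.0.2.11" from
# nmap 6.47 (raw-socket SYN scan) might emit. Two hosts, one with a
# filtered port.
KALI_SYN_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.0.2.10 192.0.2.11" version="6.47">
<scaninfo type="syn" protocol="tcp" numservices="1000"/>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="9929"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="31337"><state state="filtered" reason="no-response"/></port>
</ports></host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
</ports></host>
</nmaprun>"""

# Constructed: the same targets from an older nmap (5.51) that fell back
# to a connect scan. The second host is missing and one port differs.
EC2_CONNECT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sT -oX - 192.0.2.10 192.0.2.11" version="5.51">
<scaninfo type="connect" protocol="tcp" numservices="1000"/>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="9929"><state state="closed" reason="conn-refused"/></port>
<port protocol="tcp" portid="31337"><state state="filtered" reason="no-response"/></port>
</ports></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return (meta, states).

    meta   -> {"version": nmap version, "scan_type": "syn"/"connect"/...}
    states -> {(addr, proto, port): (state, reason)}
    """
    root = ET.fromstring(xml_text)
    scaninfo = root.find("scaninfo")
    meta = {
        "version": root.get("version"),
        "scan_type": scaninfo.get("type") if scaninfo is not None else None,
    }
    states = {}
    for host in root.findall("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.findall("./ports/port"):
            st = port.find("state")
            key = (addr, port.get("protocol"), int(port.get("portid")))
            states[key] = (st.get("state"), st.get("reason"))
    return meta, states


def diff_scans(a_states, b_states):
    """Ports whose state differs between the two runs. A port that only
    one run reported at all shows up as 'absent' on the other side, which
    is how 'more IPs found' in one scan becomes visible."""
    diffs = {}
    for key in sorted(set(a_states) | set(b_states)):
        a_state = a_states.get(key, ("absent", None))[0]
        b_state = b_states.get(key, ("absent", None))[0]
        if a_state != b_state:
            diffs[key] = (a_state, b_state)
    return diffs


def summarize(states):
    """Count of open/closed/filtered ports, to spot a run that is mostly
    'filtered' (dropped probes) rather than genuinely different."""
    return Counter(state for state, _ in states.values())


if __name__ == "__main__":
    meta_a, states_a = parse_nmap_xml(KALI_SYN_XML)
    meta_b, states_b = parse_nmap_xml(EC2_CONNECT_XML)
    print("run A:", meta_a, dict(summarize(states_a)))
    print("run B:", meta_b, dict(summarize(states_b)))
    for (addr, proto, port), (a, b) in diff_scans(states_a, states_b).items():
        print(f"{addr} {port}/{proto}: A={a} B={b}")
```

Run it against real output with `nmap -sS -oX kali.xml TARGET` on one box and `nmap -sT -oX ec2.xml TARGET` on the other, then feed the two files in; the scan_type and version fields confirm at a glance whether the two runs were even the same kind of scan before you start blaming the network path.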