Why does nmap miss ports sometimes?

I changed my VM to Ubuntu, and this issue is still there…

Use Kali in its place.

Such a vague, poorly worded question. There could be a multitude of things that cause nmap to miss ports: they could be filtered by firewalls or IDS/IPS, or you could mean why does nmap not scan ports in order? Well, by default nmap scans the top 10000 most “common” ports. You could be not connected to the VPN, and then you will never get results. I mean, there is a lot to the question.

Sorry, I tried -p[1-65535] to force it to scan all ports (on HTB machines), but this issue is still there.

Could you provide the specific machine? There are many variances that play into Nmap scans. Some machines only have UDP open, you may need to tweak nmap to scan for UDP, you may need to tweak nmap to bypass IDS/IPS. You may just need to start with a basic ping sweep and see if you are even hitting the box to begin with, then work upwards. The port you may be looking for might not be open externally. Some challenges and boxes will have ports open internally, for which you can set up remote tunneling to make them accessible externally, then bounce into the box over that port.

Academy has an amazing module that does touch on a lot of those issues.

Thanks, I think it may be caused by --min-rate. I set the value to 10000, maybe too fast for this.

Possibly. For the purpose of training, it's better to start wide then tighten the target. Some testing would help identify what rates you can scan something at and whatnot. Plus, 10k is insanely fast and loud anyway. I’d refrain from scanning all 65k ports in these environments unless you gather some recon that might lead you to believe there could be specific ports, i.e. some exploit might like to host itself over, let's say, 4444; then you can just -p 4444 and scan that specific one.

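Added example, not part of the thread: one way to test the --min-rate theory discussed above is to save a fast scan and a slower scan of the same lab host in nmap's grepable format (-oG) and list the ports only the slower scan reported open. The sample scan text is constructed, 192.0.2.10 is a documentation address, and the function names are hypothetical.

```python
import re

# Constructed samples in nmap grepable (-oG) format; not real scan results.
FAST = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///"
    "\tIgnored State: filtered (65533)\n"
)
SLOW = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "3306/open/tcp//mysql///, 8080/open/tcp//http-proxy///"
    "\tIgnored State: closed (65531)\n"
)

# Each Ports entry starts with port/state/protocol/
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return {host: {(port, proto): state}} from grepable nmap output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = hosts.setdefault(host, {})
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(", "):
                    m = PORT_RE.match(entry.strip())
                    if m:
                        ports[(int(m.group(1)), m.group(3))] = m.group(2)
    return hosts


def missed_ports(fast, slow):
    """Ports the slow scan saw open that the fast scan did not report open."""
    result = {}
    for host, slow_ports in slow.items():
        fast_ports = fast.get(host, {})
        missed = sorted(key for key, state in slow_ports.items()
                        if state == "open" and fast_ports.get(key) != "open")
        if missed:
            result[host] = missed
    return result


if __name__ == "__main__":
    for host, ports in missed_ports(parse_gnmap(FAST), parse_gnmap(SLOW)).items():
        print(host, ["%d/%s" % p for p in ports])
```

If the list is non-empty only at the higher rate, the scan speed rather than the target is the likely cause of the missing ports.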