Security Basics
Re: nmap root vs user question Oct 14 2013 10:58PM
ToddAndMargo (ToddAndMargo zoho com)

>> On Fri, Oct 4, 2013 at 5:29 PM, ToddAndMargo <ToddAndMargo (at) zoho (dot) com [email concealed]
>> <mailto:ToddAndMargo (at) zoho (dot) com [email concealed]>> wrote:
>> Hi All,
>> "#" is my "root" prompt and "$" is my user prompt.
>> Question: why does namp sometimes work as root
>> and not as a user? Why no warning that a command
>> has to be run as root?
>> This works as root:
>> # nmap -p T:5020,5900
>> Starting Nmap 6.40 ( ) at 2013-10-04 14:25 PDT
>> Nmap scan report for
>> Host is up (0.00063s latency).
>> 5020/tcp filtered zenginkyo-1
>> 5900/tcp filtered vnc
>> Same command does not work as a user:
>> $ nmap -p T:5020,5900
>> Starting Nmap 6.40 ( ) at 2013-10-04 14:25 PDT
>> Note: Host seems down. If it is really up, but blocking our
>> ping probes, try -Pn
>> Many thanks,
>> -T

On 10/07/2013 06:26 AM, Duane Dunston wrote:
> NMAP has a discussion about this issue:
> As a normal user, nmap uses the connect() method with scans. As root,
> it can make use of raw sockets and other methods to craft TCP/IP
> packets, but those functions require root access.
> Regarding the no warning, it requires understanding the operating
> system, the application you are running and what has to run in
> privileged mode or non-privileged mode considering both of those
> factors. Also factors such as files and directories that are
> written/open during the applications execution may play a factor, as

Hi Duane,

Makes sense now. nmap tries to use what tools it has at
its disposal and doesn't complain about the lack thereof.

Thank you!


Computers are like air conditioners.
They malfunction when you open windows


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.;4175;25;1371;0;5;946;e13b6be442

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus