You already got three 'open' and 997 'filtered'  ports with the nmap scan you did. This should be obvious that there's a firewall in between.



Then why did you try Fin and Xmas scan? Both the Fin and Xmas scans are similar, in the fact that they have FIN flag set and are unreliable (At least on Windows) . They don't work with Windows because Windows machines respond with a RST to a FIN whether the port is closed or not.

Port 139 and 445 are open in default installations of Windows. However, they pose a security risk over WAN. Suggest your friend to close these ports immediately.

Lesson Time: You've to understand that as much as you want it, not every system is hackable. Sometimes, no matter what you do, you just can't hack it. It could be completely patched, it might have strong passwords etc.

However,there are scores of methods to get into a system, you are limiting yourself to only one. Be creative. If you can't enter through 139, 445 there must be some other ways..

Try the following commands. I'm sure there's a surprise awaiting you








For each of these commands try to understand what's happening and why is it behaving like this and report back.

I already posted this reply, but deleted it because I messed up pretty bad. So I'm posting it again.

Lesson time (no. 2): And this is a lesson for me too.
Did you run a sniffer and checked the output you got. Always have a sniffer running when performing something as important as port scanning. You'll get a lot of false positives and you've to detect them.

Use the following commands with wireshark or TCPdump running. Check what replies you get.

For Netcat

Now compare it with

What do you see? Match the sniffer outputs for both netcat and nmap and check what Netcat is doing wrong.

Netcat should NEVER be used for UDP port scans because it always shows the port open. Nmap is the ultimate scanner and what you got with Nmap is the actual result.

BTW did you try connecting via telnet and ftp? You didn't report their result. This is the main thing that I wanted you to test.

Furthermore, did you get what device I'm asking you to scan?

Oh, yes. The next step is version scanning. But firstly confirm that the ports are open.

for this one couldn't get anything because i got this error :



with Nmap i got this :



i think that yes Ncat got false positive results

yes tried and didn't get any reply so i think yes that Ncat was messing around those ports not open

i didn't get this one what do u mean ...what device ?

oh yes sorry about this i thought its S not Z at the command nzvu i typed nsvu

anyway thats only what i got :
nc -nzvu 10.0.0.3 69
(UNKNOWN) [10.0.0.3] 69 (?) open


yes yes i got it now yes its a computer not router or anything else its PC



sorry one more thing forgot to say :

i used wireshark to check the ports that u said with no success to get any traffic between

ip.addr == 10.0.0.3 && udp.port == 69
ip.addr == 10.0.0.3 && udp.port == 161
ip.addr == 10.0.0.3 && udp.port == 162

no he is connecting to internet via Mikrotik router we are at the same lan

he is the Lan Admin he is the owner its Mikrotik server what he made

whats on ur mind ?

but what that to do with my friend pc ? you talking about router

but as u said that opened ports at router is alot but can't exploit them :S:S

port 53 dns is 1 of them UDP port

hi guys,

my apologies for interrupting this (amazingly good and educating) discussion but, rebrov, are you authorized to perform these actions against this machine?

cos otherwise, I can't understand why this discussion is allowed and hosted in the EH-Net...

no offense to anybody, I don't mean to indicate to anyone how to moderate of course. I just have seen no indications so far that these actions are taking place during a black/gray/white box pen testing process...