Open BeanBagKing opened 5 years ago
--show open,closed
both when running the scan and saving to a file (especially a binary file), as well as when running `--readscan` after the fact.
Masscan (in my testing) appears to only send traffic to the default gateway, so if your gateway is a security appliance it is likely the connection will not work, as the gateway will only see part of the flow (and likely makes its own changes to seq/ack).
This *appears* to only be an issue with TCP packets, and only on the local subnet. I do get valid results from hosts outside the subnet, and I do get at least some UDP ports found. However, even though UDP shows up in stdout, "found" never increments there either.
Using the `--packet-trace` and debug/verbose options, I can see SYN-ACK and RST-ACK packets being received by masscan. However, these ports never show up in stdout, and "found" never increments.
Below is a small and slow sample just to show the behavior. I've replaced the first two octets of the IP addresses below. It may be worth noting that they are non-RFC-1918 addresses, but that the range in question is owned by us and contained within our own environment, just in case you treat RFC-1918 address space differently.
Am I doing something stupid?
Edit: Something else I've noticed: when using `--ping`, even outside the local subnet, a "Discovered" message ("Discovered open port 0/icmp on...") doesn't increment "found" either. Similar results to the UDP findings above. Is it by design that non-TCP messages don't increment "found"? This isn't really important since the results still contain the message, just unexpected.
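Because the report above hinges on the "found" counter disagreeing with the "Discovered ..." lines actually printed, the following is an added example (not code from the issue or from the masscan project) that parses saved masscan stdout, tallies discoveries per protocol and state independently of the counter, and compares that tally with the last `found=` value in the status line. The sample output embedded below is constructed to approximate masscan's stdout format; the exact banner and status-line wording are assumptions, and the IP addresses are documentation ranges rather than real hosts.

```python
import re
from collections import Counter, defaultdict

# Discovery lines as masscan prints them to stdout, e.g.
#   Discovered open port 22/tcp on 203.0.113.10
#   Discovered open port 0/icmp on 203.0.113.12
DISCOVERED_RE = re.compile(
    r"^Discovered\s+(?P<state>open|closed)\s+port\s+"
    r"(?P<port>\d{1,5})/(?P<proto>[a-z]+)\s+on\s+(?P<ip>[0-9a-fA-F.:]+)\s*$"
)

# The running "found=N" field in masscan's rate/status line (format assumed here).
FOUND_RE = re.compile(r"found=(\d+)")


def parse_discoveries(lines):
    """Yield (state, port, proto, ip) for every discovery line; ignore everything else."""
    for line in lines:
        m = DISCOVERED_RE.match(line.strip())
        if m:
            yield m["state"], int(m["port"]), m["proto"], m["ip"]


def tally(lines):
    """Return (Counter keyed by (proto, state), dict of host -> sorted open (port, proto))."""
    per_proto_state = Counter()
    open_by_host = defaultdict(set)
    for state, port, proto, ip in parse_discoveries(lines):
        per_proto_state[(proto, state)] += 1
        if state == "open":
            open_by_host[ip].add((port, proto))
    return per_proto_state, {ip: sorted(v) for ip, v in open_by_host.items()}


def reported_found(lines):
    """Return the last found=N value seen in the output, or None if no status line was present."""
    value = None
    for line in lines:
        m = FOUND_RE.search(line)
        if m:
            value = int(m.group(1))
    return value


def found_total(per_proto_state):
    """Total discoveries across all protocols and states: what a reader expects 'found' to reach."""
    return sum(per_proto_state.values())


def counter_discrepancy(lines):
    """Difference between independently counted discoveries and masscan's reported counter.

    Returns (counted, reported, counted - reported). A positive difference means the
    output contains discoveries the counter did not credit, which is the symptom
    described in the issue for UDP and ICMP results.
    """
    counts, _ = tally(lines)
    counted = found_total(counts)
    reported = reported_found(lines)
    return counted, reported, None if reported is None else counted - reported


# Constructed sample, approximating masscan stdout (banner and status line are assumed).
SAMPLE_OUTPUT = """\
Starting masscan (constructed sample banner)
Scanning 3 hosts [4 ports/host]
Discovered open port 22/tcp on 203.0.113.10
Discovered closed port 23/tcp on 203.0.113.10
Discovered open port 53/udp on 203.0.113.11
Discovered open port 0/icmp on 203.0.113.12
rate:  0.10-kpps, 100.00% done,   0:00:00 remaining, found=1
"""

if __name__ == "__main__":
    lines = SAMPLE_OUTPUT.splitlines()
    counts, hosts = tally(lines)
    for (proto, state), n in sorted(counts.items()):
        print(f"{proto:5} {state:6} {n}")
    print("open ports by host:", hosts)
    print("counted / reported / difference:", counter_discrepancy(lines))
```

Run it against a real capture with `masscan ... | tee scan.txt` and then `python3 this_script.py` after pointing `lines` at `open("scan.txt")`; the per-protocol tally is the number to trust when the built-in counter and the printed discoveries disagree.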