I'm using nmap on my local network and saw that the output of sudo nmap 192.168.1.0/24 has multiple hosts that have the same MAC address.
Nmap scan report for 192.168.1.120
Host is up (0.13s latency).
MAC Address: B6:B0:24:0F:58:49 (Unknown)
Nmap scan report for 192.168.1.185
Host is up (0.018s latency).
MAC Address: B6:B0:24:0F:58:49 (Unknown)
Nmap scan report for 192.168.1.201
Host is up (0.060s latency).
MAC Address: B6:B0:24:0F:58:49 (Unknown)
Nmap scan report for 192.168.1.202
Host is up (0.060s latency).
MAC Address: B6:B0:24:0F:58:49 (Unknown)
Nmap scan report for 192.168.1.204
Host is up (0.063s latency).
MAC Address: B6:B0:24:0F:58:49 (Unknown)
In what situation would this happen? I've searched around but haven't found any resources on this.
After doing a tcp port scan of one of the hosts, I see the the following:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-22 18:20 CDT
Nmap scan report for 192.168.1.185
Host is up (0.0083s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
20002/tcp open commtact-http
MAC Address: B6:B0:24:0F:58:49 (Unknown)
I've read from this post that it may be a wifi extender, but I wouldn't expect the ssh port to be open on that.
EDIT:
I think if this were a wifi extender, having ssh, http, and commtact open would make sense if the extender had some sort of remote access as well as a login page. As running nmap -p 80 --script http-auth-finder 192.168.1.185 outputs:
PORT STATE SERVICE
80/tcp open http
| http-auth-finder:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.1.185
| url method
| http://192.168.1.172:80/locale/language.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/themes/default/css/perfect-scrollbar.css HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/su/language.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/themes/default/css/total.css HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/libs/respond.min.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/su/frame.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/su/widget.other.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/themes/default/css/total.ie8.css HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/su/su.fun.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/su/widget.form.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/themes/default/css/base.css HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/js/app/url.js HTTP: Server returned no authentication headers.
| http://192.168.1.172:80/themes/default/css/mobile.css HTTP: Server returned no authentication headers.
|_ http://192.168.1.172:80/js/libs/jquery.min.js HTTP: Server returned no authentication headers.
It is indeed a wifi extender. I have a TP-Link TL-WA850RE from Amazon with the same MAC-prefix. Weirdly this prefix is not documented in any MAC vendor database.
Thankfully this (2 days old) post got already indexed, since its the only thing I could find by googling :)
Nmap output:
Nmap scan report for 192.168.0.xxx
Host is up (0.0097s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco/3com IPSSHd 6.6.0 (protocol 2.0)
80/tcp open http
NMAP output with MAC address:
Nmap scan report for 192.168.0.xxx
Host is up (0.070s latency).
MAC Address: B6:B0:24:07:**:** (Unknown)
Related
Take note of the port 9000 below. It's open for localhost but not the external IP. Anyone can provide help? I have already disabled the firewall
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 05:53 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000020s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8031/tcp open unknown
8042/tcp open fs-agent
8088/tcp open radan-http
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 2.51 seconds
[root#localhost ~]# nmap 192.168.146.128
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 05:54 PDT
Nmap scan report for 192.168.146.128
Host is up (0.000037s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8031/tcp open unknown
8042/tcp open fs-agent
8088/tcp open radan-http
[root#localhost ~]# firewall-cmd --zone=public --permanent --add-port=9000/tcp
FirewallD is not running
Modify core-site.xml. For the entry fs.default.name, change the value to hdfs://0.0.0.0:9000 and restart the service.
If you set the entry to localhost, then TCP will listen on 127.0.0.1 which is only available internally to the machine. Using 0.0.0.0 means listen on all network interfaces which allows for external access.
I've configured my server to run with the following flags:
Server--> Server Types --> WebSphere application servers --> Additional Properties --> Debugging Service:
JVM Debug Arguments= -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8888
JVM Port= 8888
I configured eclipse debug configuration with the server ip (verified that ip is reachable with the ping command) and port
To be sure i increased the debugger timeout as well .
I've got: Failed to connect to remote VM. Connection refused.
Connection refused: connect
so i did a port scan on the server with (nmap xxx.xxx.xxx.xxx -p 8888) and the port seems:
PORT STATE SERVICE
8888/tcp closed sun-answerbook
moreover looking at the section Server--> Server Types --> WebSphere application servers --> Communications-->Ports of WebSphere admin consolle
i don't see the port 8888 in the list.
what do i need to do?
open the port on the machine? (how?)
add the port in the list of the above mentioned section?
other?
###### EDITED ########
ADDITIONAL CHECKS
netstat -na | grep 8888 --->no listening port/doesn't show me nothing
----------------------------------------------------------------------------
[root#dmgr ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
----------------------------------------------------------------------------
C:\Users\alex>nmap 192.168.115.235 -p 8888
Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-23 10:58 ora solare Europa occidentale
Nmap scan report for xxxx.xxxxxxxxxxxx.com (192.168.115.235)
Host is up (0.0018s latency).
PORT STATE SERVICE
7777/tcp closed cbt
Nmap done: 1 IP address (1 host up) scanned in 4.59 seconds
so, no listening port on 8888, no iptables rules that deny the connection, how to investigate further?
You are almost there :-)
On the Debugging Service page where you set the port and arguments, there is a checkbox - Enable service at server startup - ensure that it is checked.
If not, check, and restart the server.
After that you should see the debugging port open. You can check it for example via netstat -an.
If the port is open and you still cannot connect then it is probably the firewall issue.
Here some more details about setting the debug - Starting the application server in debug mode
I'm in the middle of installing and configuring an XMPP server, using ejabberd on Windows server 2012, running on an EC2 box.
I have opened port 5222 within windows firewall, and added to the security group for the EC2 instance
Custom TCP Rule
TCP
5222
0.0.0.0/0
ejabberd_c2s
Custom TCP Rule
TCP
5222
::/0
ejabberd_c2s
My XMPP logins are not working, and so I've turned to telnet to try and debug - it sees that port 5222 is reporting as closed:
PS C:\WINDOWS\system32> telnet hostname.com 5222
Connecting To hostname.com...Could not open connection to the host, on port 5222: Connect failed
Any guidance or steps towards debugging would be appreciated!
The issue here was in ejabberd's default configuration of "::" as an IP to listen, which forced it to listen only to IPv6.
By updating the ejabbed config to
port: 5222
ip: "0.0.0.0"
module: ejabberd_c2s
I was able to connect via telnet, and able to access the server using XMPP.
I have an EC2 instance which is running with the following security groups:
HTTP - TCP - 80 - 0.0.0.0/0
Custom UDP Rule - UDP - 1194 - 0.0.0.0/0
SSH - TCP - 22 - 0.0.0.0/0
Custom TCP Rule - TCP - 943 - 0.0.0.0/0
HTTPS - TCP - 443 - 0.0.0.0/0
However, when I try to access http://{PUBLIC_IP} or https://{PUBLIC_IP} in the browser, I get a "{IP} refused to connect" error. I'm new to AWS. Am I missing something here? What should I do to debug?
One way to debug this particular class of problem is to use netcat in order to determine where the problem lies.
If you run netcat against port 80 on the public IP address of your instance and just get a hang (no output at all), then most likely your security group isn't allowing traffic through. Here is an example from an EC2 instance that is in a security group that doesn't allow port 80 traffic inbound:
% nc -v 55.35.300.45 80
<just hangs>
Whereas if the security group is changed to allow port 80, but the EC2 instance doesn't have any process listening on port 80, you'll get the following:
% nc -v 55.35.300.45 80
nc: connectx to 52.38.300.43 port 80 (tcp) failed: Connection refused
Given that your browser gave you a similar "connection refused", most likely the problem is that there is no web server running on your instance. You can verify this by ssh'ing into the instance and seeing if you can connect to port 80 there:
ssh ec2-user#55.35.300.45
% nc -v localhost 80
nc: connect to localhost port 80 (tcp) failed: Connection refused
If you get something like the above, you're definitely not running a webserver.
I'm not sure if it's too late to help but I was stuck with a similar issue with my test server
SG Inbound: ssh -> 22
HTTP -> 80
NACL: default allow/deny settings
but still couldn't ping to the server from my browser, then I realize there's nothing running on the server that can serve the request, and I started httpd server (webserver) and it worked.
sudo yum -y install httpd
sudo service httpd start
this way you can test the connectivity if you are playing with SGs and NACLs and of course it's not the only way, just an example if you're figuring your System N/W out.
Have you installed webserver(ngingx/apache) to serve your requests. If so please share your the config files. (So that it will help to troubleshoot)
I think the reason is probably that you did not set up a web server for your EC2 instance, because if you try to access http://{PUBLIC_IP} or https://{PUBLIC_IP}, you need to have a background server to serve the http request as #Niranj Rajasekaran said.
By the way, by simply pinging the {PUBLIC_IP}, you could see if your connection to your EC2 instance is normal or not.
In command prompt or terminal, type
ping {PUBLIC_IP}
In my case, the server was running but available on just 127.0.0.1 so it refused connections from external hosts. To see if this is your situation, you can run
netstat -an | grep <port number>
If it says 127.0.0.1:<port number> instead of 0.0.0.0:<port number>, you have this problem.
Usually there's a flag or an argument in your server code somewhere to set the host to 0.0.0.0:
app.run(host='0.0.0.0') # flask example
However, in my case, I had already set this so I thought that couldn't possibly be the issue, which is how I ended up on this thread, which asks more generally about the problem. Unfortunately, I was using docker, and had set 0.0.0.0 on the container but was mapping that explicitly to 127.0.0.1 on the host in the docker-compose port-mapping:
ports:
- "127.0.0.1:<port number>:<port number>"
Changing that line to remove the host IP specification fixed the problem upon re-deploy:
ports:
- "<port number>:<port number>"
There is a related post here: Port mapping in Docker on Mac OSX installed with Docker Toolbox
but it didn't work for me
Get ports for container
docker port 485186e65a5e
8080/tcp -> 0.0.0.0:33360
8088/tcp -> 0.0.0.0:33359
19888/tcp -> 0.0.0.0:33358
50070/tcp -> 0.0.0.0:33357
50075/tcp -> 0.0.0.0:33356
8042/tcp -> 0.0.0.0:33361
Check that someone listens to ports in container
bash-4.1# netstat -alnpt | grep 19888
tcp 0 0 127.0.0.1:19888 0.0.0.0:* LISTEN 1094/java
Do wget in container
bash-4.1# wget 127.0.0.1:19888
--2016-04-11 14:16:54-- http://127.0.0.1:19888/
Connecting to 127.0.0.1:19888... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://127.0.0.1:19888/jobhistory [following]
--2016-04-11 14:16:54-- http://127.0.0.1:19888/jobhistory
Reusing existing connection to 127.0.0.1:19888.
HTTP request sent, awaiting response... 200 OK
Length: 6763 (6.6K) [text/html]
Saving to: `index.html'
100%[================================================================================================================================================================================>] 6,763 --.-K/s in 0s
2016-04-11 14:16:54 (182 MB/s) - `index.html' saved [6763/6763]
Try to access forwarded port from host, no luck... :(((
$docker-machine ip default
192.168.99.100
$ wget 192.168.99.100:33358
--2016-04-11 16:18:04-- http://192.168.99.100:33358/
Connecting to 192.168.99.100:33358... failed: Connection refused.
What do I do wrong?
Omg, desired service started on 127.0.0.1 in container, that is why it wasn't visible from outside world. I've modified service config to start on 0.0.0.0 and now I can access forwarded container port
I had the same problem and was able to fix it by specifying the host that the server within the container uses.
NOTE: when using host below, it means a web server host. When I use host-machine, I mean the main operating system I'm using, (i.e. not a container or a web server, just my laptop as a machine)
The Problem
Running web servers on the container like webpack-dev-server and http-server automatically run the app using a host of http://localhost. Typically you will see that in the output when you start the server. Something like :
Project is running at http://localhost:8080
or
Server available at http://127.0.0.1:8080
On most machines, localhost and 127.0.0.1 are the same thing. This host is not publicly viewable. As a result, your host machine can't see anything, even though it's looking in the right place.
Solution
You should specify a public host when you run the server inside your container.
webpack-dev-server --port 8080 --host 0.0.0.0
or
http-server -p 8080 -a 0.0.0.0
Because the 0.0.0.0 address is viewable to any outside machine, you should be able to see your app working as expected from your host machine.
NOTE: This works for any server, like Python's SimpleHTTPServer, etc. Just look up how to change the host for your chosen server in the documentation
Resources/Nods
(how to run webpack-dev-erver with a publicly accessible host)[How to make the webpack dev server run on port 80 and on 0.0.0.0 to make it publicly accessible?