Why does an nmap port scan give a different result than Python? I really like to complement tasks with a Python version.

I have a vulnerable box with the IP 192.168.41.2, and a port scan with nmap results in:

nmap -T4 -p- 192.168.41.2
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-27 15:13 EDT
Nmap scan report for 192.168.41.2
Host is up (0.00024s latency).
All 65535 scanned ports on 192.168.41.2 are closed
MAC Address: 00:50:56:EA:44:EB (VMware)

Nmap done: 1 IP address (1 host up) scanned in 2.72 seconds

It tells me there are no open ports. I then checked the result with a Python script:

from scapy.all import *
import argparse

# The target IP is the only command-line argument
parser = argparse.ArgumentParser()
parser.add_argument('ip')
args = parser.parse_args()
ip = args.ip

# Destination ports 0..65534 (range() excludes its upper bound)
ports = [i for i in range(65535)]

def synScan(host):
    # Send one SYN per port from source port 5555 and collect the replies;
    # sr() returns (answered, unanswered) pairs
    resp, _ = sr(IP(dst=host)/TCP(sport=5555, dport=ports, flags='S'), timeout=2, verbose=0)
    print(f'Open ports on {host}:\n')
    for s, r in resp:
        # Every answered probe is reported as open; the reply's TCP flags are never inspected
        if s[TCP].dport == r[TCP].sport:
            print(f'TCP Port {s[TCP].dport} is open.')


synScan(ip)

Running the script with python3 port_scanner.py 192.168.41.2 results in:

Open ports on host 192.168.41.2:
TCP Port 0 is open.
TCP Port 1 is open.
TCP Port 2 is open.
TCP Port 3 is open.
TCP Port 4 is open.
TCP Port 5 is open.
TCP Port 6 is open.
TCP Port 7 is open.
TCP Port 8 is open.
TCP Port 9 is open.
TCP Port 10 is open.
TCP Port 11 is open.
TCP Port 12 is open.
TCP Port 13 is open.
TCP Port 14 is open.
TCP Port 15 is open.
TCP Port 16 is open.
TCP Port 17 is open.
TCP Port 18 is open.
TCP Port 19 is open.
TCP Port 20 is open.
TCP Port 21 is open.
TCP Port 22 is open.
TCP Port 23 is open.
TCP Port 24 is open.
...
...

My question is: which scan should I trust more? Nmap is a very popular network scanner and scapy is quite popular too, but here you see the result.

Answer

If you receive any reply to the SYN packet, the port is considered open. That is wrong. If it is an RST packet, for example, the port is closed. What this script tells us is whether the port is filtered.

So if you want to use scapy, you also have to check whether the reply packet has the SYN flag set.
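The flag check the answer calls for, as an added example that is not code from the question or the answer. It works on raw TCP header bytes instead of scapy packets so it runs offline; the replies are constructed for the demo, and the state names follow nmap's open/closed/filtered convention.

```python
import struct
from typing import Dict, Iterable, Optional

# TCP flag bits (RFC 793); they live in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the flags byte of a raw TCP segment (header at offset 0).

    With scapy the equivalent is int(r[TCP].flags) on the reply r.
    """
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]


def classify_reply(flags: Optional[int]) -> str:
    """Map the reply to a SYN probe onto nmap's port states.

    no reply      -> 'filtered'   (dropped by a firewall, or host down)
    SYN+ACK       -> 'open'       (the peer is completing the handshake)
    RST           -> 'closed'     (the peer actively refuses)
    anything else -> 'unexpected' (e.g. a bare ACK; do not call it open)
    """
    if flags is None:
        return "filtered"
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unexpected"


def interpret_scan(probed: Iterable[int], replies: Dict[int, bytes]) -> Dict[int, str]:
    """replies maps a probed port to the raw TCP segment that answered it."""
    return {p: classify_reply(tcp_flags(replies[p]) if p in replies else None)
            for p in probed}


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header (zero checksum) standing in for a captured reply."""
    offset_flags = (5 << 12) | flags   # data offset = 5 words, reserved bits 0
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed replies: 22 answers SYN+ACK, 80 answers RST+ACK, 443 stays silent
    replies = {22: build_tcp_header(22, 5555, SYN | ACK),
               80: build_tcp_header(80, 5555, RST | ACK)}
    print(interpret_scan([22, 80, 443], replies))
```

In the question's script the same fix is to replace the sport/dport comparison with a check of int(r[TCP].flags) through classify_reply, and to report the unanswered list sr() returns as filtered rather than ignoring it.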