0

I'm trying to determine which ports are in use with my machine. I found, online an article that listed one method as follows:

$ sudo nmap -sT -O localhost

I believedthis would give me a list of all ports listening for TCP packets. However, when I enter this command, I get the following result:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-02 21:07 EDT
socket troubles in HostOsScan: Permission denied (13)

If I'm running as sudo, how can I lack permission to run something on my machine??

I tried running just:

$ sudo nmap -sT  localhost

and got:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-02 21:28 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000094s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp

Just tried nmap without arguments and again was denied permission !?

$ sudo nmap localhost
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-03 11:05 EDT
Couldn't open a raw socket. Error: Permission denied (13)

Looking at nmap's --help option, I see that -O enables OS detection. Why should I not have permission to use this option - especially with sudo? (Note: I'm currently running Ubuntu 18.04 & 20.04)

(Note: Accepted answer solves my root problem - looking at ports, but answer in comments section explains why I was having trouble with nmap. Apparently, because I installed with snap, I needed to also execute:

 $ sudo snap connect nmap:network-control

before nmap would work correctly

Improve this question
5
  • if you are using snap to provide nmap it's time to tell it. Commented Jun 3, 2021 at 15:50
  • @A.B - I realize this shows how little I know, but what do you mean "using snap to provide nmap"?? Commented Jun 3, 2021 at 15:53
  • If dpkg -S /usr/bin/nmap returns a line starting with nmap: then it's not through snap. Commented Jun 3, 2021 at 15:55
  • @A.B. Apparently, I did install nmap with snap - which nmap returns /snap/bin/nmap. So, what should I do? Commented Jun 3, 2021 at 15:58
  • 1
    askubuntu.com/questions/1031714/… Commented Jun 3, 2021 at 16:40

2 Answers 2

Reset to default
1

It you're trying to determine which ports are in use with your machine you don't need to scan. You can just list the ports directly

netstat -nap
ss -nap

If you're not root omit the -p flag. The LISTEN lines are the important ones for you, and you can filter for these with awk. For example

netstat -nap | awk 'NR==1 || /LISTEN/'
Improve this answer
-1

First "I'm trying to determine which ports are in use with my machine." then drop the -O since you don't need to know what your local OS is.

Might need more information.

  1. What OS are you running? Maybe include which kernel
  2. Are you running a firewall? or Fail2ban or any related security services?
  3. Can you install older version? My install in Nmap v7.80 from Ubuntu repo didn't show the same issue.
  4. Are you in a Virtual Machine, VPS, or hosted system?
  5. Is this a clean install with little to no installed programs? If so you have a quiet system, not much noise, not much to detect.
  6. Tried other OS detection Nmap options? --osscan-limit --osscan-guess --max-os-tries LINK

Lack of detected TCP ports makes OS detection difficult. Replies to TCP request is how OS detection works. Better explained here https://nmap.org/book/osdetect-methods.html

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.