ports – nmap different results when scanning from different sources

I get slightly different results when scanning an IP from 2 different hosts.
Here is Scan 1 from an Internet server with a public IP:

Nmap 7.80 scan initiated Tue Jan 21 18:48:08 2020 as: nmap -Pn -sS -p25 -T 2 --reason -v 3.XXX.XXX.XXX
Nmap scan report for XXX.eu-central-1.compute.amazonaws.com
Host is up, received user-set.

PORT   STATE    SERVICE REASON
25/tcp filtered smtp    no-response

Read data files from: /usr/bin/../share/nmap
Nmap done at Tue Jan 21 18:48:22 2020 -- 1 IP address (1 host up) scanned in 13.49 seconds

And here is scan 2 from a local network PC:

root@kali:/# nmap -Pn -sS -p25 -T 2 --reason -v 3.XXX.XXX.XXX
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-21 17:52 CET
( ... )
Scanning XXX.eu-central-1.compute.amazonaws.com (1 port)
Completed SYN Stealth Scan at 17:52, 0.40s elapsed (1 total ports)
Nmap scan report for XXX.eu-central-1.compute.amazonaws.com
Host is up, received user-set (0.0013s latency).

PORT   STATE  SERVICE REASON
25/tcp closed smtp    reset ttl 62

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
           Raw packets sent: 1 (44B) | Rcvd: 1 (40B)

The nmap command line was exactly the same, but the port status differs.
And since my local machine gets more information (it gets a real response from the target), it shouldn't be a problem or something related to the firewall. Similarly.

Any idea why I get different results?

server: I changed the SSH port by default but in nmap scan it shows tcpwrapped

I changed the SSH port from 22 to X, where X is my desired port number for SSH. When I port scanned with nmap -sS -A, it showed me that a service called tcpwrapped is active on my port X.

I checked the previous answers in this forum, but they are very technical and I don't understand what tcpwrapped really is. I guess it's just a way to hide the real name of the service (i.e., SSH) and instead shows tcpwrapped

Is there an updated list (not Nmap) of the main 100 or 1000 main common ports?

I know that Nmap has an nmap-services file that gives us the list of the 1000 main ports / services found on the Internet. But this list seems to be outdated, since the Nmap top 1000 list does not include several services used today (such as 27017 / mongoDB, 6379 / redis, 11211 / memcached, etc.). Is there any source other than Nmap, which can provide the updated list of the 1000 main common ports / services used on the Internet?

python – Nmap does not return the network protocol

I am playing with Nmap in Python and after executing these commands:

import nmap

nm = nmap.PortScanner()
nm.all_hosts()  # returns 127.0.0.1
nm['127.0.0.1'].all_protocols()  # returns an empty list []

I thought the network protocol should always be TCP or UDP
But how can I get anything from Nmap?

How to scan all ports in nmap

Unable to connect to port 0, see https://unix.stackexchange.com/a/180500/85039

It is a special port that allows programs to obtain a random port for the outgoing connection.

Therefore, use -p 1-65535 for nmap, especially if you are using TCP or UDP scans.
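
An added example (not part of the original answer): binding to port 0 makes the OS hand out a free ephemeral port, and a connect probe over the valid range 1-65535 maps a completed handshake, a reset and no response to the open, closed and filtered states seen in the scan reports on this page. The helper names reserve_port, probe and demo are hypothetical, and everything runs against 127.0.0.1.

```python
import errno
import socket


def reserve_port():
    """Bind to port 0 so the OS picks a free ephemeral port; return (socket, port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]


def probe(host, port, timeout=1.0):
    """Classify one TCP port with a full connect(), using Nmap's state names."""
    if not 1 <= port <= 65535:
        raise ValueError("port 0 is not connectable; valid targets are 1-65535")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed (SYN/ACK came back)
    except ConnectionRefusedError:
        return "closed"      # the peer answered with RST
    except socket.timeout:
        return "filtered"    # nothing came back before the timeout
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # an ICMP unreachable was returned instead
        raise
    finally:
        s.close()


def demo():
    """Constructed local setup: one listening port and one bound, idle port."""
    listener, open_port = reserve_port()
    listener.listen(1)
    idle, closed_port = reserve_port()  # bound but never listens: kernel sends RST
    try:
        return (open_port,
                probe("127.0.0.1", open_port),
                probe("127.0.0.1", closed_port))
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    print(demo())
```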

Is there a method or tool other than nmap for the detection of an operating system on a device connected to the network?

I wanted to know if there was any other way to detect the operating system of a network (other than nmap), since nmap does not detect most versions of Windows 10 and identifies them as a different operating system or as a different version of Microsoft Windows. Thank you.

nmap – -sn works when a single target is specified, but not when multiple targets are selected

When I specify an individual target,

>nmap -v3 -sn 172.18.188.209

I receive the correct and expected nmap response

Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-08 11:16 India Standard Time
Initiating Ping Scan at 11:16
Scanning 172.18.188.209 (2 ports)
Completed Ping Scan at 11:16, 1.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:16
Completed Parallel DNS resolution of 1 host. at 11:16, 5.62s elapsed
DNS resolution of 1 IPs took 5.62s. Mode: Async (#: 4, OK: 1, NX: 0, DR: 0, SF: 0, TR: 3, CN: 0)
Nmap scan report for raspberrypi-dQ2XyAPpB6.dhcp.XXXX.com (172.18.188.209)
Host is up, received conn-refused (1.0s latency).
Read data files from: C:\Program Files (x86)\Nmap
Nmap done: 1 IP address (1 host up) scanned in 6.70 seconds

However, when I specify a range,

>nmap -v3 -sn 172.18.184,186,188.0-255

I get,

.
.
Nmap scan report for YYYY.dhcp.XXXX.com (172.18.188.208)
Host is up, received syn-ack (0.0010s latency).
Nmap scan report for 172.18.188.209 (host down, received no-response)
Nmap scan report for 172.18.188.210 (host down, received no-response)
.
.

I'm running Windows 10 version 1809 build 17763.737 and Nmap 7.70.

Additional information if it helps

>nmap -version
Nmap version 7.70 ( https://nmap.org )
Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.3.3 openssl-1.0.2n nmap-libssh2-1.8.0 nmap-libz-1.2.8 nmap-libpcre-7.6 WinPcap-4.1.3 (packet.dll version 10 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: iocp poll select

Is this a mistake or am I missing something in the switches?

Thank you !

Nmap shows port 1720 – Information Security Stack Exchange


nmap – Port scan: ask about the operating system and the version after Zenmap port scan

I have done an nmap scan on a server. It shows 4 open ports and the operating system is undetectable. I am trying to find the operating system on the server through the nmap findings, but nmap does not show any clear version of the operating system. I would like to know which other tool can be used to find out the operating system and its version in this case. Below is a snippet of the nmap output:

Not shown: 995 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
6009/tcp filtered X11:9

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: ISS Proventia GX3002 firewall (Linux 2.4.18) (97%), Linux 2.6.22 (Debian 4.0) (97%), CMI Genus NEMA terminal (95%), D-Link DGS-1210 switch (95%), D-Link DI-604 wireless broadband router (95%), Efficient Networks SpeedStream 4100 ADSL router (95%), FreeBSD 6.1-RELEASE (95%), IBM i 6.1 (95%), Cobalt Qube 2700WG (Linux 2.0.34) (95%), Linux 2.4.20 (95%)
No exact OS matches for host (test conditions non-ideal).

nmap – Port Scan: Ask about the following steps after scanning Zenmap ports

I am very new to offensive security.

I have done an nmap scan on a public IP. It shows 4 open ports and the operating system is undetectable. I have no idea how to continue and would appreciate the next steps in this case. Below is a snippet of the nmap output:

Not shown: 995 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
6009/tcp filtered X11:9

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: ISS Proventia GX3002 firewall (Linux 2.4.18) (97%), Linux 2.6.22 (Debian 4.0) (97%), CMI Genus NEMA terminal (95%), D-Link DGS-1210 switch (95%), D-Link DI-604 wireless broadband router (95%), Efficient Networks SpeedStream 4100 ADSL router (95%), FreeBSD 6.1-RELEASE (95%), IBM i 6.1 (95%), Cobalt Qube 2700WG (Linux 2.0.34) (95%), Linux 2.4.20 (95%)
No exact OS matches for host (test conditions non-ideal).