Discovery scan as a port scan?


#1

Hello Friends,

I want to accomplish “port scanning”, or testing the firewalling between zones. I want to see what is open between zones, at layers 3 and 4 of OSI. I don’t want to use NMAP. Would the “Discovery” scan config achieve this? I’m not looking for a full vulnerability scan.

Thanks

Peter


#2

Hi,

Please see Scan Ports on how to include all open TCP and UDP ports within your reports.

If you only want to get the open ports shown without doing vulnerability / product detection scans, you can follow these steps:

  1. Create a new “Empty, static and fast” scan configuration

  2. Add the following three VTs to this scan config

    Nmap (NASL wrapper) - OID: 1.3.6.1.4.1.25623.1.0.14259

    Checks for open UDP ports (OID: 1.3.6.1.4.1.25623.1.0.103978)

    Checks for open TCP ports (OID: 1.3.6.1.4.1.25623.1.0.900239)

  3. Set the preference “Silent” of the two Open Ports VTs to “no”.

  4. (Optional) If you want to add hostnames to your scan report the following additional VT for GVM < 10 from the Service detection Family is required:

    Host Details - OID: 1.3.6.1.4.1.25623.1.0.103997

  5. Create a new target for the targets with the port list you want to use.

  6. Create a new task and assign the created scan configuration as well as the target to this task

  7. Run a new scan


#3

Thanks. I did all you instructed. It took a few minutes to find those VTs, but I figured out the “Family” thing and found them.


#4

I’m trying out the config now. I have another question. Will your config tell me what ports are open on the firewall, even if there is no host behind the firewall listening or responding on that port? I want to see what the firewall is allowing through, even if there is no host with that IP address behind it.

Thanks