![zenmap scan subnet zenmap scan subnet](https://vitux.com/wp-content/uploads/2018/11/ubuntu-nmap-network-scan-1024x512.jpg)
That means the UTM didn't block this packet?! But I can't find the ACK packets or any other packets with that port number in the logs. I can see that the UTM firewall dropped the SYN packets from the port scan. And the RasPI answers to it with a RST packet. Regarding to the dump this packet has no flags set. No packets from the NMAP client until a packet on port 80 arrives. In the tcpdump of the RasPI I can see the same. That's what I can see in the Wireshark dump of the NMAP client. Then the scan client sends a ACK packet (not SYN-ACK!) on port 80 to the RasPI. The NMAP Quick scan send a lot of SYN packets to the RasPI on different ports (e.g. But as I wrote above, I already authenticated and had Internet access. I thought about the Hotspot function, which redirects all traffic to the landing page of the UTM. This scan result showed only port 80 was open. Then I started the NMAP Quick scan from VLAN2 against the RasperryPI in VLAN1, and also the dumps with Wireshark and tcpdump. The scan result showed only port 22 was open.
![zenmap scan subnet zenmap scan subnet](https://www.maketecheasier.com/assets/uploads/2014/01/zenmap-ping-scan.jpg)
Rasperry PI with tcpdump in the main VLAN1 (192.168.10.0/24) with IP address 192.168.10.4.īefore I started I scanned the RaspberryPI with a NMAP Quick scan within the same subnet to be sure, which ports are opend. The client had authenticated to the Hotspot to get access to the Internet.
![zenmap scan subnet zenmap scan subnet](https://higherlogicdownload.s3.amazonaws.com/HPE/MigratedInlineFiles/781649900d7d4315a2621ff261ebfe2b_2015_06_16_06_43_591.png)
ZENMAP SCAN SUBNET MAC
The packets came all from the MAC address of my UTM. I did some more researchs yesterday and I think it's not the switch which leaks the packets into the other VLAN. I have already disabled the HotSpot, WebProxy, IPS and ATP, but had no effect. Now I'm wondering if this is a normal behaviour, or if I found a bug, or a function of the UTM is responsible for this.
![zenmap scan subnet zenmap scan subnet](https://www.ceos3c.com/wp-content/uploads/2019/03/nmap-tutorial-series-1-nmap-basics-03.png)
The source MAC address of the response is from the LAN IF of my UTM. I'm not sure if this packet comes from the client or from the UTM, but this shows NMAP that there is a client online. I saw that the scan sends a ACK packet on TCP/80 to the client (No 3), and a RST,ACK comes back (No. Then I started Wireshark on the scan client, and filtered the packets to the IP of my switch (192.168.10.6) during a NMAP quick scan. But the named clients answered to this dropped packets and the answer is also dropped according to the live log. I saw that the scan client in VLAN2 sends a request to every IP on port 80 which where ALL dropped. I opend the firewall live log during the scan.
ZENMAP SCAN SUBNET WINDOWS
Two Windows clients in the same subnet were not found. All except the mobile phone have port 80 open, and all clients have a Linux distribution running. The hosts are my mobile phone, my NAS, a switch (one of two) and a router. Nevertheless NMAP showed me some (not all!) of my online hosts in VLAN1 when I start a scan. Nothing else like WebProxy or Protection is configured for this VLAN. VLAN2 has configured DHCP, DNS and the HotSpot option. There is no rule that allows the access from VLAN1 to VLAN2 or vice versa. Therefore I scanned my privat network (VLAN1) from a host (192.168.20.12) in my guest network (VLAN2) with NMAP. There was a question in in the German part of this forum regarding the accessibility between two VLANs, which are configured on the UTM.