Results and Status
The status is determined by comparing the previous two scans, whether these are initiated manually through the web interface or if they are triggered as part of a scheduled scan operation. The test looks for differences in Host results as well as the Port / Service results.
Status Changed: This indicates there is a difference in results of the previous two scans.
Status No Data: There is not enough data to determine the status (there are not two results available for comparison).
Status Running: Currently a scan is running, refresh the page to check the results.
Status Error: This indicates a problem with the most recent scan.
Are your results "0 hosts UP"?
If you are testing open ports daily or weekly and find Nmap is returning 0 hosts up. There are a few possibilities. If your external facing system is not responding to Ping from external sources then the IP Address will not be scanned. Nmap first attempts to discover if your system is UP by sending an ICMP ping; so in the event that your border firewall or router is dropping ICMP packets the scanning will not continue as your systems will be classed as being down.
A second thing to check is that you have specified the correct protocol
IPv4 or IPv6 depending on your system. A system wrongly classified will be reported as being down, as the Nmap scanning engine will not receive a Ping response from the invalid IP Address.
Intrusion Prevention Systems are also a possible cause of the lack of response, if you are using a system with a IPS in place. The IPS may detect the scan and block packets from our IP Address. Check your IPS for alerts or if you are a hosted customer check with your service provider to see if they have any IPS blocking mechanisms in place.
Selecting Your Target
Using the automated Port Scan you are able to scan a single IP address
192.123.x.x, a hostname
scanme.nmap.org or a range of IP addresses
192.168.0.0/24. It is also possible to schedule a list of targets in one hit using the bulk add option as noted below.
If you wish to target a range of IP addresses you may use the format
192.168.1.1-50 or in CIDR
192.168.1.0/24. This can be up to a full /24 net block. 254 IP addresses are the maximum amount that can be scanned on one scan profile. Please ensure any subnets do not overlap onto targets you do not have permission to scan.
Adding targets in bulk
A list of targets can be added by having submitting the targets with simple line breaks. All targets from list will have scan properties as selected in the form. It is not possible to add both IPv4 and IPv6 targets as a list (create two lists). Note that adding multiple targets with different labels is possible by having the list contain comma separated values.
Adding a list of targets 192.168.1.1,target1-label 192.168.1.2,target2-label 192.168.1.3 192.168.1.4,target4-label
Number of Scans
The number of IP addresses that can be scanned is based on a weekly quota. If you scan a full Class C netblock every day, this is adds up to 7 * 254 = 1778 weekly count.
Time of Scheduled Scans
The scans can be scheduled for any hour during the day. Port scans are then queued on that hour, and will run in sequence so if you scheduled 20 scans for 13:00 UTC they will not all run simultaneously right on 13:00.
- Monitor changes to firewalls and network perimeters.
- Detect configuration errors that may introduce security vulnerabilities.
- Discover compromises to Internet facing systems, where the attacker creates back doors on exploited systems.