Nmap shows all ports open when scanning via sys-whonix

User Support
1

Hi all!

I have a question about port scanning via sys-whonix. The problem is not directly related to Qubes, but rather Whonix and possibly other firewall rules that Qubes has in addition (maybe?). When scanning ports over the internet all ports are marked as open (due to SYN-ACK response), is there any way to get correct results when scanning through sys-whonix?

nmap -sT -Pn -n <ip> -p <port> -v

Thank you

2

This isn’t Whonix specific per se - you’ll see this if you try to scan
through Tor. Changing your netvm to sys-firewall will show the results
you expect.
If you want to scan over Tor, install proxychains, and change the last
line of /etc/proxychains.conf to:
socks4 IP_OF_NETVM 9050

2 Likes