mjhjmtu

Question

I have "(22 - 'Invalid argument')" using nmap.
I'V google'd and got https://seclists.org/nmap-dev/
but on that is it talks about IPv6 while I got this error using
IPv4 in no place IPv4 is mensionned, so why am I getting
this weird error ???????????

i entered

nmap --send-eth --release-memory --nsock-engine=epoll --allports --fuzzy 
 --randomize-hosts --log-errors --max-os-tries=9 -n --reason 
 --append-output --scanflags=URGACKPSHRSTSYNFIN --max-retries=6 
 --host-timeout=225s --stats-every=10m --ttl=255 --min-hostgroup=5 
 --max-hostgroup=25 --max-rtt-timeout=60s --scan-delay=250ms 
 --max-scan-delay=25s --stats-every=1 -v5 -sT -sV -A -p 80-82 
 0.18.0.0

and got

Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 16:05 CET
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
Initiating Ping Scan at 16:05
Scanning 0.18.0.0 [2 ports]
Stats: 0:00:01 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 0.00% done
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Completed Ping Scan at 16:05, 0.50s elapsed (1 total hosts)
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.46 seconds

when trying with less arguements nmap -p 80-82 0.18.0.0
got:

Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 16:24 CET
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.12 seconds

when trying with ncat i got

marc@platinum:~/NCat_test$ nc -vvv 0.18.0.0 80
0.18.0.0: inverse host lookup failed: Unknown host
(UNKNOWN) [0.18.0.0] 80 (http) : Invalid argument
 sent 0, rcvd 0

marc@platinum:~/NCat_test$ nc -vvv 0.18.0.0 81
0.18.0.0: inverse host lookup failed: Unknown host
(UNKNOWN) [0.18.0.0] 81 (hosts2-ns) : Invalid argument
 sent 0, rcvd 0

i still have "Invalid argument" but this time instead of 22 I got the post numbers and service

80 (http)
81 (hosts2-ns)

this raises a few questions

does the "Invalid argument" of ncat and nmap relate to the same thing ?

how can I make nmap for informative instead of printing 22 ?

how can I say that the remote port is really CLOSEd or is it really OPENned and rejecting because of the firewall ?

Andreas WieseAndreas Wiese 7,6792234 · Accepted Answer · 2019-01-22 23:03:44Z

Address 0.18.0.0 (resp. 0.0.0.0/8) is not allowed as a destination IP address by standard™:

From RFC 6890:

2.2.2. IPv4 Special-Purpose Address Registry Entries

Tables 1 though 16, below, represent entries with which IANA has

initially populated the IPv4 Special-Purpose Address Registry.

 +----------------------+----------------------------+
 | Attribute | Value |
 +----------------------+----------------------------+
 | Address Block | 0.0.0.0/8 |
 | Name | "This host on this network"|
 | RFC | [RFC1122], Section 3.2.1.3 |
 | Allocation Date | September 1981 |
 | Termination Date | N/A |
 | Source | True |
 | Destination | False |
 | Forwardable | False |
 | Global | False |
 | Reserved-by-Protocol | True |
 +----------------------+----------------------------+

 Table 1: "This host on this network"

Thus 0.0.0.0/8 and hence 0.18.0.0 is no valid destination address, hence the kernel returns EINVALID on socket operations trying to use it as a destination.

Hint: You might want to use RFC 1918 addresses for your locally administered network.

Thank's for your reply. This was really helpfull but also a bit confusing. I'v read RFCs 1918 and 6890 and the following CIDR IPs are listed as unreachable 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 240.0.0.0/4 255.255.255.255/32 I'v tried to connect using nmap/ncat and succeeded on some of those which I consider as an error since that are supposed to be 'unreachable' thank's — Jan 26 at 13:49
reachable 'unreachable' IPs 127.254.254.254 169.254.0.1 192.0.3.1 127.158.154.70 127.122.122.10 127.36.6.123 127.66.103.130 127.12.163.165 conclusions for tests were all wrong because those IPs aren't supposed to be This means: 1) RFCs are wrong : very unlikely 2) I'v misinterpreted the real meaning for those, that is I'v included IP ranges that are valid WITHIN the invalid IPs 3) those RFC were superseeded (invalidated by newer RFCs): April 2013 RFC6890, February 1996 RFC1918, as they are 5 and 22 yo resp. 4) the remote IPs sysadmins didn't follow RFCs thanks in advance — Jan 26 at 14:00

user2901196user2901196 111 · Accepted Answer · 2019-01-26 02:44:33Z

Thank's for your reply.
this was really helpfull but also confusing

I'v read RFCs 1918 and 6890

which are listing invalid/unreachable IP ranges

rfc6890
anything that starts with 0.
0.0.0.0 .. 0.255.255.255 0.0.0.0/8

rfc1918
10.0.0.0 .. 10.255.255.255 10.0.0.0/8
100.64.0.0 .. 100.127.255.255 100.64.0.0/10
127.0.0.0 .. 127.255.255.255 127.0.0.0/8
169.254.0.0 .. 169.254.255.255 169.254.0.0/16
172.16.0.0 .. 172.31.255.255 172.16.0.0/12
192.0.0.0 .. 192.0.0.255 192.0.0.0/24
192.0.2.0 .. 192.0.2.255 192.0.2.0/24
192.88.99.0 .. 192.88.99.255 192.88.99.0/24
192.168.0.0 .. 192.168.255.255 192.168.0.0/16
198.18.0.0 .. 198.19.255.255 198.18.0.0/15
198.51.100.0 .. 198.51.100.255 198.51.100.0/24
203.0.113.0 .. 203.0.113.255 203.0.113.0/24
240.0.0.0 .. 255.255.255.255 240.0.0.0/4
255.255.255.255 .. 255.255.255.255 255.255.255.255/32

(IP ranges are from me using CIDR to IP range converters)

I'v then made test on those using nmap without options mostly likely used posts 22,25,53,80,443
nmap -p 22,25,53,80,443 $IP

I'v included a test-suite bellow and related file output labelled IN- AND OUT-
within the OUT files I'v replaced repeating content with NEWLINE n ... NEWLINE n

conclusions for tests 04.00 .. 04.03 were all wrong because the output results over IPs within
invalid/unreachable IP ranges.
this means

1) RFCs are wrong : very unlikely
2) I'v misinterpreted the real meaning for those, that is I'v included IP ranges that are valid WITHIN the invalid IPs
3) those RFC were superseeded (invalidated by newer RFCs): April 2013 RFC6890, February 1996 RFC1918, as they are 5 and 22 yo resp.
4) the remote IPs sysadmins didn't follow RFCs
5) something else f*cked up

Can someone help me clarify this, please

thanks in advance

test-suite:

method:
00) check nmap and its syntax by entering CLA and mostly likely used posts on a IP 172.217.22.142 that we know is valid and up
nmap -p 22,25,53,80,443 172.217.22.142
output result in OUT-0 (bellow)
which show ssh smtp domain http https SERVICEs are running

01) check nmap and its syntax by entering CLA and mostly likely used posts on a IP 0.0.0.0 that we know is invalid and down
 nmap -p 22,25,53,80,443 0.0.0.1
 output result in OUT-1 (bellow)
 returns "(22 - 'Invalid argument')" AND "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn"

02) check the IP using the above IP ranges form RFCs 1918 and 6890
 02.00) IPs WITHIN the range MUST return "(22 - 'Invalid argument')" (01)
 02.01) IPs outside the range MUST return something else

03) since it would be impractical to test millions of IPs inside/outside the range for 02.00 02.01 here we take 10.0.0.0 .. 10.255.255.255
 as an example but applies to other IP ranges too
 03.00) the limit IPs 10.0.0.0 10.255.255.255 (not valid)
 03.01) 5 random IPs WITHIN 10.0.0.0 .. 10.255.255.255 each range using online random number generator https://onlinerandomtools.com/generate-random-ip
 03.02) the IPs just besides the inner (04.01)/outter (04.02) limit (03.00) 9.255.255.255 11.0.0.1 (valid)

04) tests
 04.00) limit invalid IPs using (03.00)
 input : IN-0 (bellow)
 output : OUT-2 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-30.txt >> ERROR-nmap-test-30.txt"' INPUT-nmap-test-30.txt > nmap-test-30
 remark : just returned "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn" but NOT "(22 - 'Invalid argument')"
 conclusion : wrong

 04.01) limit 1 inside invalid IPs using (03.02) ex: 10.0.0.0 10.255.255.255 => 10.0.0.1 10.255.255.254
 input : IN-1 (bellow)
 output : OUT-3 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-31.txt >> ERROR-nmap-test-31.txt"' INPUT-nmap-test-31.txt > nmap-test-31
 remark : some IPs 127.0.0.1 127.254.254.254 169.254.0.1 returns PORT STATE SERVICE
 conclusion : wrong

 04.02) limit 1 outside invalid IPs using (03.02) ex: 10.0.0.0 10.255.255.255 => 9.255.255.254 11.0.0.1 (05.00)
 input : IN-2 (bellow)
 output : OUT-4 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-32.txt >> ERROR-nmap-test-32.txt"' INPUT-nmap-test-32.txt > nmap-test-32
 remark : 1 IP 192.0.3.1 returns PORT STATE SERVICE
 conclusion : wrong

 04.03) 5 random IPs WITHIN each range (03.01)
 input : IN-3 (bellow)
 output : OUT-5 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-33.txt >> ERROR-nmap-test-33.txt"' INPUT-nmap-test-33.txt > nmap-test-33
 remark : some IPs 127.158.154.70 127.122.122.10 127.36.6.123 127.66.103.130 127.12.163.165 returns PORT STATE SERVICE
 conclusion : wrong

05) notes

05.00) A.B.C.D the D CANNOT BE 0 255

IN-0

10.0.0.0
10.255.255.255
100.64.0.0
100.127.255.255
127.0.0.0
127.255.255.255
169.254.0.0
169.254.255.255
172.16.0.0
172.31.255.255
192.0.0.0
192.0.0.255
192.0.2.0
192.0.2.255
192.88.99.0
192.88.99.255
192.168.0.0
192.168.255.255
198.18.0.0
198.19.255.255
198.51.100.0
198.51.100.255
203.0.113.0
203.0.113.255
240.0.0.0
255.255.255.255
255.255.255.255

255.255.255.255

IN-1

10.0.0.1
10.254.254.254
100.64.0.1
100.127.254.254
127.0.0.1
127.254.254.254
169.254.0.1
169.254.254.254
172.16.0.1
172.31.254.254
192.0.0.1
192.0.0.254
192.0.2.1
192.0.2.254
192.88.99.1
192.88.99.254
192.168.0.1
192.168.254.254
198.18.0.1
198.19.254.254
198.51.100.1
198.51.100.254
203.0.113.1
203.0.113.254
240.0.0.1

255.254.254.254

IN-2

9.255.255.254
11.0.0.1
100.63.255.254
100.128.0.1
126.255.255.254
128.0.0.1
169.253.255.254
169.255.0.1
172.15.255.254
172.32.0.1
191.255.255.254
193.0.1.1
192.0.1.254
192.0.3.1
192.88.98.254
192.88.100.1
192.167.255.254
192.169.0.1
198.17.254.254
198.20.0.1
198.51.99.254
198.51.101.1
203.0.112.254
203.0.114.1
239.255.255.254

256.0.0.1

IN-3

0.11.214.205
0.116.71.43
0.248.89.23
0.166.59.158
0.55.137.242
10.40.118.115
10.98.144.65
10.163.75.130
10.62.118.65
10.206.158.39
100.107.216.10
100.85.53.208
100.95.244.170
100.81.193.39
100.66.76.237
127.158.154.70
127.122.122.10
127.36.6.123
127.66.103.130
127.12.163.165
169.254.41.147
169.254.33.163
169.254.147.81
169.254.191.176
169.254.219.124
172.18.65.139
172.18.135.76
172.20.65.197
172.22.80.27
172.17.72.214
192.0.0.6
192.0.0.125
192.0.0.248
192.0.0.51
192.0.0.215
192.0.2.177
192.0.2.125
192.0.2.184
192.0.2.40
192.0.2.228
192.88.99.34
192.88.99.224
192.88.99.84
192.88.99.219
192.88.99.35
192.168.239.117
192.168.34.120
192.168.144.6
192.168.53.198
192.168.67.170
198.19.255.69
198.19.121.20
198.19.21.27
198.18.232.15
198.19.65.30
198.51.100.75
198.51.100.140
198.51.100.145
198.51.100.114
198.51.100.180
203.0.113.27
203.0.113.226
203.0.113.132
203.0.113.57
203.0.113.117
243.111.54.77
244.162.220.0
241.10.204.150
250.215.99.214

246.36.216.65 ------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------

OUT-0

Starting Nmap 7.70 ( ) at 2019-01-25 22:00 CET
Nmap scan report for par21s12-in-f14.1e100.net (172.217.22.142)
Host is up (0.029s latency).

PORT STATE SERVICE
22/tcp filtered ssh
25/tcp filtered smtp
53/tcp filtered domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 1.36 seconds

OUT-1

Starting Nmap 7.70 ( ) at 2019-01-25 22:08 CET
Strange read error from 0.0.0.1 (22 - 'Invalid argument')
Strange read error from 0.0.0.1 (22 - 'Invalid argument')
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 0.12 seconds

OUT-2

Starting Nmap 7.70 ( ) at 2019-01-25 22:49 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

...

Nmap done: 1 IP address (0 hosts up) scanned in 3.09 seconds

Starting Nmap 7.70 ( ) at 2019-01-25 22:49 CET

OUT-3

Starting Nmap 7.70 ( ) at 2019-01-26 00:26 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.11 seconds

...

Starting Nmap 7.70 ( ) at 2019-01-26 00:29 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00014s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 00:29 CET
Nmap scan report for 127.254.254.254
Host is up (0.00017s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 00:29 CET
Nmap scan report for 169.254.0.1
Host is up (0.032s latency).

PORT STATE SERVICE
22/tcp closed ssh
25/tcp closed smtp
53/tcp closed domain
80/tcp closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 00:29 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.11 seconds

...

Starting Nmap 7.70 ( ) at 2019-01-26 00:29 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 3.10 seconds

OUT-4

Starting Nmap 7.70 ( ) at 2019-01-26 00:32 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds

...

Starting Nmap 7.70 ( ) at 2019-01-26 00:33 CET
Nmap scan report for 192.0.3.1
Host is up (0.11s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp
53/tcp closed domain
80/tcp closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 00:33 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.08 seconds

...

Starting Nmap 7.70 ( ) at 2019-01-26 00:33 CET
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.21 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 00:33 CET

Nmap done: 0 IP addresses (0 hosts up) scanned in 0.06 seconds

OUT-5

Starting Nmap 7.70 ( ) at 2019-01-26 01:20 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.13 seconds

...

Starting Nmap 7.70 ( ) at 2019-01-26 01:21 CET
Nmap scan report for 127.158.154.70
Host is up (0.00014s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 01:21 CET
Nmap scan report for 127.122.122.10
Host is up (0.00012s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 01:21 CET
Nmap scan report for 127.36.6.123
Host is up (0.00010s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 01:21 CET
Nmap scan report for 127.66.103.130
Host is up (0.00014s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 01:21 CET
Nmap scan report for 127.12.163.165
Host is up (0.0078s latency).

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp closed domain
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 01:21 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

...

Nmap done: 1 IP address (0 hosts up) scanned in 3.08 seconds
Starting Nmap 7.70 ( ) at 2019-01-26 01:23 CET

Nmap done: 0 IP addresses (0 hosts up) scanned in 0.09 seconds

Andreas WieseAndreas Wiese 7,6792234 · Accepted Answer · 2019-01-22 23:03:44Z

Address 0.18.0.0 (resp. 0.0.0.0/8) is not allowed as a destination IP address by standard™:

From RFC 6890:

2.2.2. IPv4 Special-Purpose Address Registry Entries

Tables 1 though 16, below, represent entries with which IANA has

initially populated the IPv4 Special-Purpose Address Registry.

 +----------------------+----------------------------+
 | Attribute | Value |
 +----------------------+----------------------------+
 | Address Block | 0.0.0.0/8 |
 | Name | "This host on this network"|
 | RFC | [RFC1122], Section 3.2.1.3 |
 | Allocation Date | September 1981 |
 | Termination Date | N/A |
 | Source | True |
 | Destination | False |
 | Forwardable | False |
 | Global | False |
 | Reserved-by-Protocol | True |
 +----------------------+----------------------------+

 Table 1: "This host on this network"

Thus 0.0.0.0/8 and hence 0.18.0.0 is no valid destination address, hence the kernel returns EINVALID on socket operations trying to use it as a destination.

Hint: You might want to use RFC 1918 addresses for your locally administered network.

Thank's for your reply. This was really helpfull but also a bit confusing. I'v read RFCs 1918 and 6890 and the following CIDR IPs are listed as unreachable 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 240.0.0.0/4 255.255.255.255/32 I'v tried to connect using nmap/ncat and succeeded on some of those which I consider as an error since that are supposed to be 'unreachable' thank's — Jan 26 at 13:49
reachable 'unreachable' IPs 127.254.254.254 169.254.0.1 192.0.3.1 127.158.154.70 127.122.122.10 127.36.6.123 127.66.103.130 127.12.163.165 conclusions for tests were all wrong because those IPs aren't supposed to be This means: 1) RFCs are wrong : very unlikely 2) I'v misinterpreted the real meaning for those, that is I'v included IP ranges that are valid WITHIN the invalid IPs 3) those RFC were superseeded (invalidated by newer RFCs): April 2013 RFC6890, February 1996 RFC1918, as they are 5 and 22 yo resp. 4) the remote IPs sysadmins didn't follow RFCs thanks in advance — Jan 26 at 14:00

user2901196user2901196 111 · Accepted Answer · 2019-01-26 02:44:33Z

Thank's for your reply.
this was really helpfull but also confusing

I'v read RFCs 1918 and 6890

which are listing invalid/unreachable IP ranges

rfc6890
anything that starts with 0.
0.0.0.0 .. 0.255.255.255 0.0.0.0/8

rfc1918
10.0.0.0 .. 10.255.255.255 10.0.0.0/8
100.64.0.0 .. 100.127.255.255 100.64.0.0/10
127.0.0.0 .. 127.255.255.255 127.0.0.0/8
169.254.0.0 .. 169.254.255.255 169.254.0.0/16
172.16.0.0 .. 172.31.255.255 172.16.0.0/12
192.0.0.0 .. 192.0.0.255 192.0.0.0/24
192.0.2.0 .. 192.0.2.255 192.0.2.0/24
192.88.99.0 .. 192.88.99.255 192.88.99.0/24
192.168.0.0 .. 192.168.255.255 192.168.0.0/16
198.18.0.0 .. 198.19.255.255 198.18.0.0/15
198.51.100.0 .. 198.51.100.255 198.51.100.0/24
203.0.113.0 .. 203.0.113.255 203.0.113.0/24
240.0.0.0 .. 255.255.255.255 240.0.0.0/4
255.255.255.255 .. 255.255.255.255 255.255.255.255/32

(IP ranges are from me using CIDR to IP range converters)

I'v then made test on those using nmap without options mostly likely used posts 22,25,53,80,443
nmap -p 22,25,53,80,443 $IP

I'v included a test-suite bellow and related file output labelled IN- AND OUT-
within the OUT files I'v replaced repeating content with NEWLINE n ... NEWLINE n

conclusions for tests 04.00 .. 04.03 were all wrong because the output results over IPs within
invalid/unreachable IP ranges.
this means

1) RFCs are wrong : very unlikely
2) I'v misinterpreted the real meaning for those, that is I'v included IP ranges that are valid WITHIN the invalid IPs
3) those RFC were superseeded (invalidated by newer RFCs): April 2013 RFC6890, February 1996 RFC1918, as they are 5 and 22 yo resp.
4) the remote IPs sysadmins didn't follow RFCs
5) something else f*cked up

Can someone help me clarify this, please

thanks in advance

test-suite:

method:
00) check nmap and its syntax by entering CLA and mostly likely used posts on a IP 172.217.22.142 that we know is valid and up
nmap -p 22,25,53,80,443 172.217.22.142
output result in OUT-0 (bellow)
which show ssh smtp domain http https SERVICEs are running

01) check nmap and its syntax by entering CLA and mostly likely used posts on a IP 0.0.0.0 that we know is invalid and down
 nmap -p 22,25,53,80,443 0.0.0.1
 output result in OUT-1 (bellow)
 returns "(22 - 'Invalid argument')" AND "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn"

02) check the IP using the above IP ranges form RFCs 1918 and 6890
 02.00) IPs WITHIN the range MUST return "(22 - 'Invalid argument')" (01)
 02.01) IPs outside the range MUST return something else

03) since it would be impractical to test millions of IPs inside/outside the range for 02.00 02.01 here we take 10.0.0.0 .. 10.255.255.255
 as an example but applies to other IP ranges too
 03.00) the limit IPs 10.0.0.0 10.255.255.255 (not valid)
 03.01) 5 random IPs WITHIN 10.0.0.0 .. 10.255.255.255 each range using online random number generator https://onlinerandomtools.com/generate-random-ip
 03.02) the IPs just besides the inner (04.01)/outter (04.02) limit (03.00) 9.255.255.255 11.0.0.1 (valid)

04) tests
 04.00) limit invalid IPs using (03.00)
 input : IN-0 (bellow)
 output : OUT-2 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-30.txt >> ERROR-nmap-test-30.txt"' INPUT-nmap-test-30.txt > nmap-test-30
 remark : just returned "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn" but NOT "(22 - 'Invalid argument')"
 conclusion : wrong

 04.01) limit 1 inside invalid IPs using (03.02) ex: 10.0.0.0 10.255.255.255 => 10.0.0.1 10.255.255.254
 input : IN-1 (bellow)
 output : OUT-3 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-31.txt >> ERROR-nmap-test-31.txt"' INPUT-nmap-test-31.txt > nmap-test-31
 remark : some IPs 127.0.0.1 127.254.254.254 169.254.0.1 returns PORT STATE SERVICE
 conclusion : wrong

 04.02) limit 1 outside invalid IPs using (03.02) ex: 10.0.0.0 10.255.255.255 => 9.255.255.254 11.0.0.1 (05.00)
 input : IN-2 (bellow)
 output : OUT-4 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-32.txt >> ERROR-nmap-test-32.txt"' INPUT-nmap-test-32.txt > nmap-test-32
 remark : 1 IP 192.0.3.1 returns PORT STATE SERVICE
 conclusion : wrong

 04.03) 5 random IPs WITHIN each range (03.01)
 input : IN-3 (bellow)
 output : OUT-5 (bellow)
 nmap -p 22,25,53,80,443 <IP> awk 'print "nmap -p 22,25,53,80,443 " $1 " &> OUTPUT-nmap-test-33.txt >> ERROR-nmap-test-33.txt"' INPUT-nmap-test-33.txt > nmap-test-33
 remark : some IPs 127.158.154.70 127.122.122.10 127.36.6.123 127.66.103.130 127.12.163.165 returns PORT STATE SERVICE
 conclusion : wrong

05) notes