Nmap Development mailing list archives
Re: Identifying BeOS DR9?
From: Bo Cato <jcato73 () comcast net>
Date: Thu, 11 Sep 2003 07:56:04 -0400
You want to -vv and change -sW to -sS or -sT then submit the fingerprint to http://www.insecure.org/cgi-bin/nmap-submit.cgi I'm not sure a windowing scan is 'ideal' for fingerprinting while I've had good results with half opens and connects. -- -b Hello Edhel, Wednesday, September 10, 2003, 9:03:58 PM, you wrote: E> I noticed that BeOS DR9, AKA "Preview Release" isn't listed in E> nmap-os-fingerprints, so I installed this OS on my Mac and E> scanned it from my FreeBSD computer on the other end of my desk. E> The results were disappointing. I have BeOS DR9's included E> telnet, ftp, and web servers running, but nmap always claims E> that the test conditions are "non-ideal". Is there anything I E> can do to achieve an "ideal" scan for submission? Below is the E> output of a few scans: E> [spatchtower:root] /tmp/nmap-3.30 > ./nmap -O -v -p 20-24,80 10.0.2.2 E> No tcp, udp, or ICMP scantype specified, assuming SYN Stealth scan. Use -sP if you really E> don't want to portscan (and just want to see what hosts are up). E> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-09-10 20:37 EDT E> Host powermacintosh8500 (10.0.2.2) appears to be up ... good. E> Initiating SYN Stealth Scan against powermacintosh8500 (10.0.2.2) at 20:37 E> Adding open port 80/tcp E> The SYN Stealth Scan took 2 seconds to scan 6 ports. E> For OSScan assuming that port 80 is open and port 20 is closed and neither are firewalled E> For OSScan assuming that port 80 is open and port 20 is closed and neither are firewalled E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate E> For OSScan assuming that port 80 is open and port 20 is closed and neither are firewalled E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate E> Interesting ports on powermacintosh8500 (10.0.2.2): E> (The 3 ports scanned but not shown below are in state: closed) E> Port State Service E> 21/tcp filtered ftp E> 23/tcp filtered telnet E> 80/tcp open http E> Device type: general purpose E> Running (JUST GUESSING) : Be BeOS 4.X (88%) E> Aggressive OS guesses: BeOS 4 - 4.5 (88%) E> No exact OS matches for host (test conditions non-ideal). E> Nmap run completed -- 1 IP address (1 host up) scanned in 28.133 seconds E> ---------------------------------------------------------------------- E> [spatchtower:root] /tmp/nmap-3.30 > ./nmap -O -v -p 20-24,80 -sW 10.0.2.2 E> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-09-10 20:44 EDT E> Host powermacintosh8500 (10.0.2.2) appears to be up ... good. E> Initiating Window Scan against powermacintosh8500 (10.0.2.2) at 20:44 E> Adding open port 21/tcp E> Adding open port 80/tcp E> Adding open port 24/tcp E> Adding open port 22/tcp E> Adding open port 20/tcp E> Adding open port 23/tcp E> The Window Scan took 0 seconds to scan 6 ports. E> Warning: OS detection will be MUCH less reliable because we did not find at least 1 open E> and 1 closed TCP port E> For OSScan assuming that port 20 is open and port 37098 is closed and neither are firewalled E> WARNING: RST from port 20 -- is this port really open? E> WARNING: RST from port 20 -- is this port really open? E> WARNING: RST from port 20 -- is this port really open? E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate E> For OSScan assuming that port 20 is open and port 44672 is closed and neither are firewalled E> WARNING: RST from port 20 -- is this port really open? E> WARNING: RST from port 20 -- is this port really open? E> WARNING: RST from port 20 -- is this port really open? E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate E> For OSScan assuming that port 20 is open and port 37075 is closed and neither are firewalled E> WARNING: RST from port 20 -- is this port really open? E> WARNING: RST from port 20 -- is this port really open? E> WARNING: RST from port 20 -- is this port really open? E> Insufficient responses for TCP sequencing (0), OS detection may be less accurate E> Interesting ports on powermacintosh8500 (10.0.2.2): E> Port State Service E> 20/tcp open ftp-data E> 21/tcp open ftp E> 22/tcp open ssh E> 23/tcp open telnet E> 24/tcp open priv-mail E> 80/tcp open http E> Device type: print server E> Running (JUST GUESSING) : Intel embedded (90%) E> Aggressive OS guesses: Intel Netport Express PRO print server V04.33a (90%) E> No exact OS matches for host (test conditions non-ideal). E> Nmap run completed -- 1 IP address (1 host up) scanned in 22.981 seconds E> ---------------------------------------------------------------------- E> [spatchtower:root] /tmp/nmap-3.30 > ./nmap -O -v -p 20-24,80 -sU 10.0.2.2 E> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-09-10 20:47 EDT E> Host powermacintosh8500 (10.0.2.2) appears to be up ... good. E> Initiating UDP Scan against powermacintosh8500 (10.0.2.2) at 20:47 E> The UDP Scan took 0 seconds to scan 6 ports. E> Adding open port 23/udp E> Adding open port 80/udp E> Adding open port 22/udp E> Adding open port 24/udp E> Adding open port 20/udp E> Adding open port 21/udp E> Warning: OS detection will be MUCH less reliable because we did not find at least 1 open E> and 1 closed TCP port E> Interesting ports on powermacintosh8500 (10.0.2.2): E> Port State Service E> 20/udp open ftp-data E> 21/udp open ftp E> 22/udp open ssh E> 23/udp open telnet E> 24/udp open priv-mail E> 80/udp open http E> Device type: print server|general purpose E> Running (JUST GUESSING) : Intel embedded (89%), Apple Mac OS 7.X (86%), Convex SPP-UX (86%) E> Aggressive OS guesses: Intel Netport Express PRO print server V04.33a (89%), Apple Mac OS E> 7.0-7.1 With MacTCP 1.1.1 - 2.0.6 (86%), Convex SPP-UX 5.2.1 (86%), SPP-UX 5.x on a Convex E> SPP-1600 (86%) E> No exact OS matches for host (test conditions non-ideal). E> Nmap run completed -- 1 IP address (1 host up) scanned in 16.932 seconds E> --------------------------------------------------------------------- E> For help using this (nmap-dev) mailing list, send a blank email to E> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org). -- Best regards, Bo mailto:jcato73 () comcast net --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Identifying BeOS DR9? Edhel (Sep 10)
- Re: Identifying BeOS DR9? Bo Cato (Sep 11)
- Message not available
- Message not available
- Re: Identifying BeOS DR9? Edhel (Sep 13)
- Message not available
- Re: Identifying BeOS DR9? Bo Cato (Sep 11)