Nmap Development mailing list archives
Are sX and sF broken on linux?
From: "Alex R" <alex () deviousmeans net>
Date: Sun, 17 Oct 2004 16:50:36 +0200
Are sF and sX scans broken on 3.70? I'm running slackware-current with a custom 2.6.8.1 kernel.

root@foo:~# nmap -sF -P0 -vv -O -p 1-65535 2k.lan

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-17 16:37 GMT+2
Initiating FIN Scan against 192.168.0.6 [65535 ports] at 16:37
The FIN Scan took 12.41s to scan 65535 total ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host 192.168.0.6 appears to be up ... good.
All 65535 scanned ports on 192.168.0.6 are: closed
MAC Address: 00:06:4F:06:AB:BD (Pro-nets Technology)
Device type: webcam|switch|general purpose
Running: AXIS embedded, Cisco embedded, IBM MVS, Microsoft Windows 95/98/ME|2003/.NET|NT/2K/XP
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.70%P=i486-slackware-linux-gnu%D=10/17%Time=4172BBE9%O=-1%C=1)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap run completed -- 1 IP address (1 host up) scanned in 24.284 seconds

root@foo:~# nmap -sX -P0 -vv -O -p 1-65535 2k.lan

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-17 16:38 GMT+2
Initiating XMAS Scan against 192.168.0.6 [65535 ports] at 16:38
The XMAS Scan took 12.50s to scan 65535 total ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host 192.168.0.6 appears to be up ... good.
All 65535 scanned ports on 192.168.0.6 are: closed
MAC Address: 00:06:4F:06:AB:BD (Pro-nets Technology)
Device type: webcam|switch|general purpose
Running: AXIS embedded, Cisco embedded, IBM MVS, Microsoft Windows 95/98/ME|2003/.NET|NT/2K/XP
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.70%P=i486-slackware-linux-gnu%D=10/17%Time=4172BC34%O=-1%C=1)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap run completed -- 1 IP address (1 host up) scanned in 24.248 seconds

root@foo:~# nmap -sS -P0 -O -p 1-65535 2k.lan

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-17 16:42 GMT+2
Interesting ports on 192.168.0.6:
(The 65517 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1028/tcp open  unknown
1041/tcp open  unknown
1060/tcp open  unknown
2267/tcp open  unknown
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl
MAC Address: 00:06:4F:06:AB:BD (Pro-nets Technology)
Device type: general purpose
Running: Microsoft Windows 2003/.NET
OS details: Microsoft Windows .NET Enterprise Server (build 3604-3790)

Nmap run completed -- 1 IP address (1 host up) scanned in 23.979 seconds