Nmap Development mailing list archives
Re: NMAP Discrepancy
From: David Fifield <david () bamsoftware com>
Date: Tue, 24 May 2011 09:36:59 -0700
On Tue, May 24, 2011 at 02:36:58PM +0300, Toni Ruottu wrote:
> Try adding --version-trace to the command line, and tell us if you are
> able to figure it out.
>
> On Tue, May 24, 2011 at 2:33 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:
> > Anybody know why NMAP reports differences every so often with the same
> > port. E.g.
> >
> > -3389/tcp open microsoft-rdp Microsoft Terminal Service
> > +3389/tcp open
> >
> > This is running on a Win7 box, with NMAP 5.51. The same scan is run
> > every time, sometimes it displays the service (using the -sV switch)
> > and sometimes not?

It's strange that the service name is blank instead of "microsoft-rdp?",
which is what it would be if none of the service probes matched. It
could be a bug in the service database.

Toni's suggestion is good, but I would use -d2 instead of
--version-trace so that you don't see a bunch of Nsock messages. The
lines you are looking for are like this:

Scanning 2 services on scanme.nmap.org (74.207.244.221)
Starting probes against new service: 74.207.244.221:22 (tcp)
Starting probes against new service: 74.207.244.221:80 (tcp)
Service scan sending probe NULL to 74.207.244.221:22 (tcp)
Service scan sending probe NULL to 74.207.244.221:80 (tcp)
Service scan match (Probe NULL matched with NULL line 2487): 74.207.244.221:22 is ssh. Version: |OpenSSH|5.3p1 Debian 3ubuntu6|protocol 2.0|
Service scan sending probe GetRequest to 74.207.244.221:80 (tcp)
Service scan match (Probe GetRequest matched with GetRequest line 4688): 74.207.244.221:80 is http. Version: |Apache httpd|2.2.14|(Ubuntu)|
Completed Service scan at 09:35, 6.04s elapsed (2 services on 1 host)

You should see either a "matched" line with a line number, or else see
all the probes be tested with no result.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
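
An added example, not part of the original message and not Nmap's own code: a small parser for the -d2 service-scan lines quoted above that records, per service, which probes were sent and whether a "matched" line with a line number appeared. The function names and the 192.0.2.10 lines in the sample are assumptions constructed for illustration.

```python
import re

# Line shapes follow the -d2 output quoted in the message above.
START = re.compile(r"Starting probes against new service: (\S+) \(\w+\)")
SEND = re.compile(r"Service scan sending probe (\S+) to (\S+) \(\w+\)")
MATCH = re.compile(r"Service scan match \(Probe (\S+) matched with (\S+) line (\d+)\): "
                   r"(\S+) is (\S+?)\.(?: Version: \|(.*)\|)?$")

# First nine lines are the output from the message; the 192.0.2.10 lines are
# constructed here to show a service that the probes sent did not identify.
SAMPLE = """\
Scanning 2 services on scanme.nmap.org (74.207.244.221)
Starting probes against new service: 74.207.244.221:22 (tcp)
Starting probes against new service: 74.207.244.221:80 (tcp)
Service scan sending probe NULL to 74.207.244.221:22 (tcp)
Service scan sending probe NULL to 74.207.244.221:80 (tcp)
Service scan match (Probe NULL matched with NULL line 2487): 74.207.244.221:22 is ssh. Version: |OpenSSH|5.3p1 Debian 3ubuntu6|protocol 2.0|
Service scan sending probe GetRequest to 74.207.244.221:80 (tcp)
Service scan match (Probe GetRequest matched with GetRequest line 4688): 74.207.244.221:80 is http. Version: |Apache httpd|2.2.14|(Ubuntu)|
Completed Service scan at 09:35, 6.04s elapsed (2 services on 1 host)
Starting probes against new service: 192.0.2.10:3389 (tcp)
Service scan sending probe NULL to 192.0.2.10:3389 (tcp)
Service scan sending probe GenericLines to 192.0.2.10:3389 (tcp)
"""

def summarize(log_text):
    """Map each "addr:port" to the probes sent and the match line, if any."""
    services = {}
    def entry(target):
        return services.setdefault(target, {"probes": [], "match": None})
    for line in map(str.strip, log_text.splitlines()):
        if m := START.search(line):
            entry(m.group(1))
        elif m := SEND.search(line):
            entry(m.group(2))["probes"].append(m.group(1))
        elif m := MATCH.search(line):
            probe, matched_with, db_line, target, service, version = m.groups()
            entry(target)["match"] = {
                "probe": probe, "matched_with": matched_with,
                "db_line": int(db_line), "service": service,
                "version": version.split("|") if version else []}
    return services

def unmatched(services):
    """Targets where probes were sent but no "matched" line ever appeared."""
    return [t for t, s in services.items() if s["probes"] and s["match"] is None]

if __name__ == "__main__":
    for target, info in summarize(SAMPLE).items():
        print(target, info["probes"], info["match"])
```

Run it over the saved output of the same -sV scan with -d2 added, once for a run that shows the service and once for a run that does not; a target returned by unmatched() is the "all the probes tested with no result" case, and differing db_line values between runs point at the service database entry involved.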