Re: [Pauldotcom] NMAP Discrepancies

[Shinnok <admin () shinnok com>]

On Mon, Jun 6, 2011 at 3:27 PM, Shinnok <admin () shinnok com> wrote:
> Hi,
>
> Don't service probes have a certain timeout for the probe response? If
> so then big service latency could cause that exact mismatch also.
>
> Brief grepping revealed the following in service_scan.h:
> #define DEFAULT_SERVICEWAITMS 5000
> Which should be enough imho, if that's the right timeout value. Does
> that value get dynamically adjusted along the scan?
>
> Another reason could be that some services have resuming state
> capabilities or don't recover that well upon sudden termination of a
> connection, which means that the subsequent timely scans would get
> unexpected results for the service probes.

As you probably noticed, my comment assumes that there is nothing
wrong with the service code, however, given a reproducible case that I
can poke at, I am glad to take a look at the issue.
For eg, for the microsoft-rdp case I would need Windows Version,
Service Pack version, MSRDP client version, Nmap version and on which
subsequent scan does Nmap stop reporting the Service for the port(the
last requirement must be somewhat reproducible).

Thanks,

-- 

Shinnok <http://shinnok.com>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/