Nmap Development mailing list archives
Re: [Pauldotcom] NMAP Discrepancies
From: Shinnok <admin () shinnok com>
Date: Mon, 6 Jun 2011 15:41:18 +0300
On Mon, Jun 6, 2011 at 3:27 PM, Shinnok <admin () shinnok com> wrote:
Hi, Don't service probes have a certain timeout for the probe response? If so then big service latency could cause that exact mismatch also. Brief grepping revealed the following in service_scan.h: #define DEFAULT_SERVICEWAITMS 5000 Which should be enough imho, if that's the right timeout value. Does that value get dynamically adjusted along the scan? Another reason could be that some services have resuming state capabilities or don't recover that well upon sudden termination of a connection, which means that the subsequent timely scans would get unexpected results for the service probes.
As you probably noticed, my comment assumes that there is nothing wrong with the service code, however, given a reproducible case that I can poke at, I am glad to take a look at the issue. For eg, for the microsoft-rdp case I would need Windows Version, Service Pack version, MSRDP client version, Nmap version and on which subsequent scan does Nmap stop reporting the Service for the port(the last requirement must be somewhat reproducible). Thanks, -- Shinnok <http://shinnok.com> _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [Pauldotcom] NMAP Discrepancies Ron (Jun 01)
- Re: [Pauldotcom] NMAP Discrepancies Shinnok (Jun 06)
- Re: [Pauldotcom] NMAP Discrepancies Shinnok (Jun 06)
- Re: [Pauldotcom] NMAP Discrepancies Michael Lubinski (Jun 06)
- Re: [Pauldotcom] NMAP Discrepancies Shinnok (Jun 21)
- Re: [Pauldotcom] NMAP Discrepancies Michael Lubinski (Jun 21)
- Re: [Pauldotcom] NMAP Discrepancies Shinnok (Jun 21)
- Re: [Pauldotcom] NMAP Discrepancies Shinnok (Jun 06)
- Re: [Pauldotcom] NMAP Discrepancies Shinnok (Jun 06)