Nmap Development mailing list archives
Re: nse unusual-port ident bug
From: Fyodor <fyodor () insecure org>
Date: Tue, 29 Nov 2011 18:55:00 -0800
On Sat, Nov 26, 2011 at 07:07:11PM +0100, Patrik Karlsson wrote:
In this case, the entry in nmap-services says "auth" while the service/version scan recognizes the port as "ident". While, to the best of my knowledge, this is essentially the same service there's a discrepancy between the entries in the file nmap-services and nmap-service-probes.
One thing that might help is to search the whole nmap-services entry (including comments) for the discovered service name. Aliases and alternatives for a given port number are often listed in the comment section of each line. For example, port 113 looked like: auth 113/tcp 0.012370 # ident, tap, Authentication Service So you would have found ident there if you had searched the whole line. Of course I've now changed the name to ident for consistency with version detection results, so this particular example is moot. But there are many other cases where alternatives are listed in the comments. And if you find cases where they aren't, you could add them to the comments (remember to edit /nmap-private-dev/nmap-services-all rather than /nmap/nmap-services directly). This could possibly avoid the need for a whitelist (though a whitelist isn't really a bad idea either). Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: nse unusual-port ident bug Patrik Karlsson (Nov 26)
- Re: nse unusual-port ident bug David Fifield (Nov 27)
- Re: nse unusual-port ident bug Patrik Karlsson (Nov 28)
- Re: nse unusual-port ident bug Fyodor (Nov 29)
- Re: nse unusual-port ident bug Fyodor (Nov 29)
- Re: nse unusual-port ident bug David Fifield (Nov 27)