Re: Problem/bug in nmap documentation?

[Daniel Miller <bonsaiviking () gmail com>]

Anders,

Thanks for asking about this. When Nmap misidentifies a service, there's no
way to get it to print the full service fingerprint. Even if there were,
there's not much point because it usually would only contain the one string
that matched the existing match line. The --version-trace option is what
shows what probes were sent and what was received and what match line was
matched. The other options are included to get more information about the
target in case it is relevant to identifying the service. All together,
this is usually enough information to update an existing match line.

The problem of identifying lower layers instead of upper applications is a
tricky one. We generally prefer to identify the underlying software and
only put higher-level info in the extra-info field if it is shown at all
(e.g. identify Apache httpd, but do not identify WordPress). But there are
always exceptions. When we see your submission, we'll be able to make a
better determination. And of course you can include more information than
is requested if you feel it would be helpful.

Dan

On Mon, Sep 24, 2018 at 3:34 PM Anders Thulin <anders () thulin name> wrote:

> I've discovered what I think is a mis-identification of a service
> (latest nmap, Linux platform). Nmap does identify a lower-level
> component used for the service, but not the actual service. (This is not
> the bug; it's where I started.)
>
> I've searched around, but not found any other recommendation for
> submitting corrections/additions than that on the 'Community
> contributions' page (https://nmap.org/book/vscan-community.html), where
> it says
>
> "Run the command nmap -O -Pn -sSV -T4 -d --version-trace -p<port>
> <target>, where <port> is the port running the misidentified service on
> the <target> host."
>
> followed by a pointer to the standard submit page.
>
> However, that command does _not_ produce a service version fingerprint,
> so there's nothing to submit.  (I can only assume it worked at one time,
> but since has changed no non-working state.)  It does provide a os
> fingerprint, but that's
>
> That's the bug: the command does not work as stated.
>
> Next ... how do I produce the necessary service fingerprint for
> submission?
>
> regards,
> --
> /A. Thulin
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/