Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

help interpreting the nmap output

From: "Ivan Fratric" <hacky_2001 () hotmail com>
Date: Tue, 14 Dec 2004 18:43:12 +0000
Hi,
I'm running nmap on Windows XP. Normally, it works fine (when I use it to scan a computer for which I know what services it's running) and returns detailed info on the services installed. However, I tried to run it on a web server on the Internet and I have trouble getting all the info. 
Using -A -T4 options on a server and I receive the following reply

(The 1441 ports scanned but not shown below are in state: filtered)
PORT      STATE  SERVICE          VERSION
5/tcp     closed rje
14/tcp    closed unknown
21/tcp    open   ftp?
22/tcp    closed ssh
23/tcp    open   telnet?
26/tcp    closed unknown
44/tcp    closed mpm-flags
53/tcp    closed domain
61/tcp    closed ni-mail
63/tcp    closed via-ftp
66/tcp    closed sql*net
79/tcp    closed finger
80/tcp    open   http?
93/tcp    closed dcp
107/tcp   closed rtelnet
113/tcp   closed auth
131/tcp   closed cisco-tna
143/tcp   closed imap
144/tcp   closed news
166/tcp   closed s-net
168/tcp   closed rsvd
169/tcp   closed send
176/tcp   closed genrad-mux
177/tcp   closed xdmcp
179/tcp   closed bgp
188/tcp   closed mumps
194/tcp   closed irc
199/tcp   closed smux
200/tcp   closed src
204/tcp   closed at-echo
207/tcp   closed at-7
209/tcp   closed tam
210/tcp   closed z39.50
220/tcp   closed imap3
222/tcp   closed rsh-spx
225/tcp   closed unknown
227/tcp   closed unknown
228/tcp   closed unknown
234/tcp   closed unknown
245/tcp   closed link
256/tcp   closed FW1-secureremote
260/tcp   closed openport
265/tcp   closed maybeFW1
272/tcp   closed unknown
276/tcp   closed unknown
277/tcp   closed unknown
279/tcp   closed unknown
281/tcp   closed personal-link
307/tcp   closed unknown
308/tcp   closed novastorbakcup
320/tcp   closed unknown
321/tcp   closed pip
325/tcp   closed unknown
332/tcp   closed unknown
348/tcp   closed csi-sgwp
355/tcp   closed datex-asn
359/tcp   closed tenebris_nts
360/tcp   closed scoi2odialog
364/tcp   closed aurora-cmgr
389/tcp   closed ldap
404/tcp   closed nced
411/tcp   closed rmt
418/tcp   closed hyper-g
423/tcp   closed opc-job-start
426/tcp   closed smartsdp
434/tcp   closed mobileip-agent
436/tcp   closed dna-cml
437/tcp   closed comscm
442/tcp   closed cvc_hostd
443/tcp   open   https?
449/tcp   closed as-servermap
472/tcp   closed ljk-login
487/tcp   closed saft
496/tcp   closed pim-rp-disc
504/tcp   closed citadel
506/tcp   closed ohimsrv
509/tcp   closed snare
524/tcp   closed ncp
533/tcp   closed netwall
537/tcp   closed nmsp
547/tcp   closed dhcpv6-server
554/tcp   closed rtsp
560/tcp   closed rmonitor
575/tcp   closed vemmi
578/tcp   closed ipdd
582/tcp   closed scc-security
586/tcp   closed password-chg
601/tcp   closed unknown
612/tcp   closed unknown
623/tcp   closed unknown
626/tcp   closed unknown
630/tcp   closed unknown
635/tcp   closed unknown
636/tcp   closed ldapssl
638/tcp   closed unknown
644/tcp   closed unknown
659/tcp   closed unknown
675/tcp   closed unknown
677/tcp   closed unknown
678/tcp   closed unknown
686/tcp   closed unknown
688/tcp   closed unknown
714/tcp   closed unknown
716/tcp   closed unknown
721/tcp   closed unknown
724/tcp   closed unknown
725/tcp   closed unknown
729/tcp   closed netviewdm1
743/tcp   closed unknown
766/tcp   closed unknown
781/tcp   closed hp-collector
790/tcp   closed unknown
793/tcp   closed unknown
795/tcp   closed unknown
803/tcp   closed unknown
805/tcp   closed unknown
819/tcp   closed unknown
844/tcp   closed unknown
847/tcp   closed unknown
848/tcp   closed unknown
852/tcp   closed unknown
857/tcp   closed unknown
884/tcp   closed unknown
888/tcp   closed accessbuilder
901/tcp   closed samba-swat
904/tcp   closed unknown
914/tcp   closed unknown
933/tcp   closed unknown
949/tcp   closed unknown
950/tcp   closed oftep-rpc
976/tcp   closed unknown
984/tcp   closed unknown
985/tcp   closed unknown
993/tcp   closed imaps
995/tcp   closed pop3s
999/tcp   closed garcon
1006/tcp  closed unknown
1009/tcp  closed unknown
1011/tcp  closed unknown
1013/tcp  closed unknown
1017/tcp  closed unknown
1040/tcp  closed netsaint
1068/tcp  closed instl_bootc
1084/tcp  closed ansoft-lm-2
1347/tcp  closed bbn-mmc
1352/tcp  closed lotusnotes
1370/tcp  closed us-gv
1374/tcp  closed molly
1376/tcp  closed ibm-pps
1400/tcp  closed cadkey-tablet
1402/tcp  closed prm-sm-np
1410/tcp  closed hiq
1415/tcp  closed dbstar
1419/tcp  closed timbuktu-srv3
1420/tcp  closed timbuktu-srv4
1445/tcp  closed proxima-lm
1450/tcp  closed dwf
1457/tcp  closed valisys-lm
1459/tcp  closed proshare1
1460/tcp  closed proshare2
1481/tcp  closed airs
1483/tcp  closed afs
1484/tcp  closed confluent
1494/tcp  closed citrix-ica
1496/tcp  closed liberty-lm
1499/tcp  closed fhc
1513/tcp  closed fujitsu-dtc
1516/tcp  closed vpad
1527/tcp  closed tlisrv
1534/tcp  closed micromuse-lm
1535/tcp  closed ampr-info
1542/tcp  closed gridgen-elmd
1552/tcp  closed pciarray
1662/tcp  closed netview-aix-2
1665/tcp  closed netview-aix-5
1672/tcp  closed netview-aix-12
1680/tcp  closed CarbonCopy
1720/tcp  closed H.323/Q.931
1723/tcp  closed pptp
1755/tcp  closed wms
1986/tcp  closed licensedaemon
1988/tcp  closed tr-rsrb-p2
1993/tcp  closed snmp-tcp-port
1997/tcp  closed gdp-port
2003/tcp  closed cfingerd
2008/tcp  closed conf
2042/tcp  closed isis
2046/tcp  closed sdfunc
2047/tcp  closed dls
2401/tcp  closed cvspserver
2603/tcp  closed ripngd
2784/tcp  closed www-dev
3000/tcp  closed ppp
3389/tcp  closed ms-term-serv
4333/tcp  closed msql
4672/tcp  closed rfa
4998/tcp  closed maybeveritas
5010/tcp  closed telelpathstart
5145/tcp  closed rmonitor_secure
5191/tcp  closed aol-1
5232/tcp  closed sgi-dgl
5236/tcp  closed padl2sim
5405/tcp  closed pcduo
5530/tcp  closed sdserv
5680/tcp  closed canna
6003/tcp  closed X11:3
6105/tcp  closed isdninfo
6111/tcp  closed spc
6141/tcp  closed meta-corp
6142/tcp  closed aspentec-lm
6588/tcp  closed analogx
7007/tcp  closed afs3-bos
8007/tcp  closed ajp12
8892/tcp  closed seosload
13701/tcp closed VeritasNetbackup
13717/tcp closed VeritasNetbackup
19150/tcp closed gkrellmd
22289/tcp closed wnn6_Cn
31337/tcp closed Elite
32773/tcp closed sometimes-rpc9
32786/tcp closed sometimes-rpc25
65301/tcp closed pcanywhere
Too many fingerprints match this host to give specific OS details
So, why the question marks next to the open protocols? Next I tried connecting to the telnet and ftp, but I get disconnected straight away. So I tried to get more info on the http and https by calling nmap with -sV -p 80 or -sV -p 443 options. Since it's a web server it is certainly running those services. I get something like 

80/tcp    open   Apache httpd
Anyway, no sign of the Apache version. So, how can I find out what version of the Apache a server is running? What is the best way to proceed from here? TIA 

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! http://search.msn.com/
Previous By Date Next
Previous By Thread Next

Current thread: