Security Basics mailing list archives
help interpreting the nmap output
From: "Ivan Fratric" <hacky_2001 () hotmail com>
Date: Tue, 14 Dec 2004 18:43:12 +0000
Hi,I'm running nmap on Windows XP. Normally, it works fine (when I use it to scan a computer for which I know what services it's running) and returns detailed info on the services installed. However, I tried to run it on a web server on the Internet and I have trouble getting all the info.
Using -A -T4 options on a server and I receive the following reply (The 1441 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE VERSION 5/tcp closed rje 14/tcp closed unknown 21/tcp open ftp? 22/tcp closed ssh 23/tcp open telnet? 26/tcp closed unknown 44/tcp closed mpm-flags 53/tcp closed domain 61/tcp closed ni-mail 63/tcp closed via-ftp 66/tcp closed sql*net 79/tcp closed finger 80/tcp open http? 93/tcp closed dcp 107/tcp closed rtelnet 113/tcp closed auth 131/tcp closed cisco-tna 143/tcp closed imap 144/tcp closed news 166/tcp closed s-net 168/tcp closed rsvd 169/tcp closed send 176/tcp closed genrad-mux 177/tcp closed xdmcp 179/tcp closed bgp 188/tcp closed mumps 194/tcp closed irc 199/tcp closed smux 200/tcp closed src 204/tcp closed at-echo 207/tcp closed at-7 209/tcp closed tam 210/tcp closed z39.50 220/tcp closed imap3 222/tcp closed rsh-spx 225/tcp closed unknown 227/tcp closed unknown 228/tcp closed unknown 234/tcp closed unknown 245/tcp closed link 256/tcp closed FW1-secureremote 260/tcp closed openport 265/tcp closed maybeFW1 272/tcp closed unknown 276/tcp closed unknown 277/tcp closed unknown 279/tcp closed unknown 281/tcp closed personal-link 307/tcp closed unknown 308/tcp closed novastorbakcup 320/tcp closed unknown 321/tcp closed pip 325/tcp closed unknown 332/tcp closed unknown 348/tcp closed csi-sgwp 355/tcp closed datex-asn 359/tcp closed tenebris_nts 360/tcp closed scoi2odialog 364/tcp closed aurora-cmgr 389/tcp closed ldap 404/tcp closed nced 411/tcp closed rmt 418/tcp closed hyper-g 423/tcp closed opc-job-start 426/tcp closed smartsdp 434/tcp closed mobileip-agent 436/tcp closed dna-cml 437/tcp closed comscm 442/tcp closed cvc_hostd 443/tcp open https? 449/tcp closed as-servermap 472/tcp closed ljk-login 487/tcp closed saft 496/tcp closed pim-rp-disc 504/tcp closed citadel 506/tcp closed ohimsrv 509/tcp closed snare 524/tcp closed ncp 533/tcp closed netwall 537/tcp closed nmsp 547/tcp closed dhcpv6-server 554/tcp closed rtsp 560/tcp closed rmonitor 575/tcp closed vemmi 578/tcp closed ipdd 582/tcp closed scc-security 586/tcp closed password-chg 601/tcp closed unknown 612/tcp closed unknown 623/tcp closed unknown 626/tcp closed unknown 630/tcp closed unknown 635/tcp closed unknown 636/tcp closed ldapssl 638/tcp closed unknown 644/tcp closed unknown 659/tcp closed unknown 675/tcp closed unknown 677/tcp closed unknown 678/tcp closed unknown 686/tcp closed unknown 688/tcp closed unknown 714/tcp closed unknown 716/tcp closed unknown 721/tcp closed unknown 724/tcp closed unknown 725/tcp closed unknown 729/tcp closed netviewdm1 743/tcp closed unknown 766/tcp closed unknown 781/tcp closed hp-collector 790/tcp closed unknown 793/tcp closed unknown 795/tcp closed unknown 803/tcp closed unknown 805/tcp closed unknown 819/tcp closed unknown 844/tcp closed unknown 847/tcp closed unknown 848/tcp closed unknown 852/tcp closed unknown 857/tcp closed unknown 884/tcp closed unknown 888/tcp closed accessbuilder 901/tcp closed samba-swat 904/tcp closed unknown 914/tcp closed unknown 933/tcp closed unknown 949/tcp closed unknown 950/tcp closed oftep-rpc 976/tcp closed unknown 984/tcp closed unknown 985/tcp closed unknown 993/tcp closed imaps 995/tcp closed pop3s 999/tcp closed garcon 1006/tcp closed unknown 1009/tcp closed unknown 1011/tcp closed unknown 1013/tcp closed unknown 1017/tcp closed unknown 1040/tcp closed netsaint 1068/tcp closed instl_bootc 1084/tcp closed ansoft-lm-2 1347/tcp closed bbn-mmc 1352/tcp closed lotusnotes 1370/tcp closed us-gv 1374/tcp closed molly 1376/tcp closed ibm-pps 1400/tcp closed cadkey-tablet 1402/tcp closed prm-sm-np 1410/tcp closed hiq 1415/tcp closed dbstar 1419/tcp closed timbuktu-srv3 1420/tcp closed timbuktu-srv4 1445/tcp closed proxima-lm 1450/tcp closed dwf 1457/tcp closed valisys-lm 1459/tcp closed proshare1 1460/tcp closed proshare2 1481/tcp closed airs 1483/tcp closed afs 1484/tcp closed confluent 1494/tcp closed citrix-ica 1496/tcp closed liberty-lm 1499/tcp closed fhc 1513/tcp closed fujitsu-dtc 1516/tcp closed vpad 1527/tcp closed tlisrv 1534/tcp closed micromuse-lm 1535/tcp closed ampr-info 1542/tcp closed gridgen-elmd 1552/tcp closed pciarray 1662/tcp closed netview-aix-2 1665/tcp closed netview-aix-5 1672/tcp closed netview-aix-12 1680/tcp closed CarbonCopy 1720/tcp closed H.323/Q.931 1723/tcp closed pptp 1755/tcp closed wms 1986/tcp closed licensedaemon 1988/tcp closed tr-rsrb-p2 1993/tcp closed snmp-tcp-port 1997/tcp closed gdp-port 2003/tcp closed cfingerd 2008/tcp closed conf 2042/tcp closed isis 2046/tcp closed sdfunc 2047/tcp closed dls 2401/tcp closed cvspserver 2603/tcp closed ripngd 2784/tcp closed www-dev 3000/tcp closed ppp 3389/tcp closed ms-term-serv 4333/tcp closed msql 4672/tcp closed rfa 4998/tcp closed maybeveritas 5010/tcp closed telelpathstart 5145/tcp closed rmonitor_secure 5191/tcp closed aol-1 5232/tcp closed sgi-dgl 5236/tcp closed padl2sim 5405/tcp closed pcduo 5530/tcp closed sdserv 5680/tcp closed canna 6003/tcp closed X11:3 6105/tcp closed isdninfo 6111/tcp closed spc 6141/tcp closed meta-corp 6142/tcp closed aspentec-lm 6588/tcp closed analogx 7007/tcp closed afs3-bos 8007/tcp closed ajp12 8892/tcp closed seosload 13701/tcp closed VeritasNetbackup 13717/tcp closed VeritasNetbackup 19150/tcp closed gkrellmd 22289/tcp closed wnn6_Cn 31337/tcp closed Elite 32773/tcp closed sometimes-rpc9 32786/tcp closed sometimes-rpc25 65301/tcp closed pcanywhere Too many fingerprints match this host to give specific OS detailsSo, why the question marks next to the open protocols? Next I tried connecting to the telnet and ftp, but I get disconnected straight away. So I tried to get more info on the http and https by calling nmap with -sV -p 80 or -sV -p 443 options. Since it's a web server it is certainly running those services. I get something like
80/tcp open Apache httpdAnyway, no sign of the Apache version. So, how can I find out what version of the Apache a server is running? What is the best way to proceed from here? TIA
_________________________________________________________________Don't just search. Find. Check out the new MSN Search! http://search.msn.com/
Current thread:
- help interpreting the nmap output Ivan Fratric (Dec 14)
- RE: help interpreting the nmap output Harshul Nayak (Dec 17)
- <Possible follow-ups>
- Re: help interpreting the nmap output miguel . dilaj (Dec 15)
- Re: help interpreting the nmap output Corey LeBleu (Dec 16)
- Re: help interpreting the nmap output Corey LeBleu (Dec 16)
- Re: help interpreting the nmap output Corey LeBleu (Dec 16)
- Re: help interpreting the nmap output miguel . dilaj (Dec 17)