Security Basics mailing list archives
Re: don't understand the output of nmap -sV
From: Luther Blissett <lblissett () paranoici org>
Date: Thu, 19 Dec 2013 17:59:55 -0200
On Sat, 2013-12-14 at 01:50 +0100, Lentes, Bernd wrote:
Hi, i try to check if a SNMP service is available. I did the following: pc59093:~ # nmap -sU -sV -p161,162 pc53200 The response was: Starting Nmap 4.75 ( http://nmap.org ) at 2013-12-13 21:59 CET Interesting ports on pc53200.xxxxxxxxxxxxx: PORT STATE SERVICE VERSION 161/udp open snmp SNMPv3 server 162/udp open snmp SNMPv3 server 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port161-UDP:V=4.75%I=7%D=12/13%Time=52AB752E%P=x86_64-suse-linux-gnu%r( SF:SNMPv3GetRequest,73,"0q\x02\x01\x030\x0f\x02\x02Ji\x02\x03\0\xff\xe3\x0 SF:4\x01\0\x02\x01\x03\x04\$0\"\x04\x11\x80\0\x1f\x88\x80\xc0d\xa6d7\xcb\x SF:89H\0\0\0\0\x02\x02\x03\x19\x02\x03\x01i\xf2\x04\0\x04\0\x04\x0005\x04\ SF:x11\x80\0\x1f\x88\x80\xc0d\xa6d7\xcb\x89H\0\0\0\0\x04\0\xa8\x1e\x02\x02 SF:7\xf0\x02\x01\0\x02\x01\x000\x120\x10\x06\n\+\x06\x01\x06\x03\x0f\x01\x SF:01\x04\0A\x02\x01\n"); ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port162-UDP:V=4.75%I=7%D=12/13%Time=52AB7551%P=x86_64-suse-linux-gnu%r( SF:SNMPv3GetRequest,56,"0T\x02\x01\x030\x0e\x02\x02Ji\x02\x02\x05\xdc\x04\ SF:x01\0\x02\x01\x03\x04\x1a0\x18\x04\x07initial\x02\x01\x01\x02\x04\0\xb2 SF:\x1d\x06\x04\0\x04\0\x04\x000#\x04\0\x04\0\xa8\x1d\x02\x027\xf0\x02\x01 SF:\0\x02\x01\x000\x110\x0f\x06\n\+\x06\x01\x06\x03\x0f\x01\x01\x04\0A\x01 SF:\0"); Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 46.56 seconds On one hand, the response said it's a SNMPv3 server. On the other hand nmap said it can't recognize the service. That does not make sense to me. Thanks for any help
I'd say nmap just gave you a probable guess on the service running on those ports according to the "SNMPv3" string found on the fingerprint. However, since this specific fingerprint does not match nmap's fp database, it alerts you to confirm that the service is really this and to feedback community by sending your results. Once you and others have done this nmap can grow it's certainty of service version. -- 010 001 111
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- don't understand the output of nmap -sV Lentes, Bernd (Dec 18)
- Re: don't understand the output of nmap -sV Luther Blissett (Dec 22)