Security Basics mailing list archives
Re: nmap port name question?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Wed, 18 Sep 2013 15:19:49 -0700
2013/9/17 ToddAndMargo <ToddAndMargo () zoho com <mailto:ToddAndMargo () zoho com>> Hi All, When nmap tells you a service associated with a port, for example, 137/tcp closed netbios-ns reset does nmap get the name of the port from my /etc/services, or is the name hard coded into nmap? Many thansk, -T
On 09/18/2013 02:19 PM, Molinero wrote:
"While Nmap does many things, its most fundamental feature is port scanning. Point Nmap at a remote machine, and it might tell you that ports |25/tcp|, |80/tcp|, and |53/udp| are open. Using its |nmap-services| database of more than 2,200 well-known services, Nmap would report that those ports probably correspond to a mail server (SMTP), web server (HTTP), and name server (DNS) respectively..."
Hi Molinero, My main focus was that nmap was using its own updates tables. My /etc/services comes from RHEL, which, by Red Hat's design, is purposfully "out-of-date". I wanted to make sure I was not missing any new services. Thank you for the help! This is what blew my mind: # nmap --reason 192.168.255.112 Starting Nmap 6.25 ( http://nmap.org ) at 2013-09-16 19:42 PDT Nmap scan report for KVM-W7.rent-a-nerd.local (192.168.255.112) Host is up, received arp-response (0.00044s latency). Not shown: 989 closed ports Reason: 989 resets PORT STATE SERVICE REASON 135/tcp open msrpc syn-ack 139/tcp open netbios-ssn syn-ack 445/tcp open microsoft-ds syn-ack 1110/tcp filtered nfsd-status no-response 5357/tcp open wsdapi syn-ack 49152/tcp open unknown syn-ack 49153/tcp open unknown syn-ack 49154/tcp open unknown syn-ack 49155/tcp open unknown syn-ack 49156/tcp open unknown syn-ack 49157/tcp open unknown syn-ack What were all these 4915x ports? Turned out they were all M$ RPC ports.Reference: http://serverfault.com/questions/526607/what-is-msrpc-needed-for-on-a-windows-7-workstation
Port Serv Process name 49152, msrpc [wininit.exe] 49153, msrpc [svchost.exe, Eventlog] 49154, msrpc [svchost.exe, Schedule] 49155, msrpc [lsass.exe] 49157, msrpc [services.exe] 49159, msrpc [svchost.exe, PolicyAgent] Many thanks, -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- nmap port name question? ToddAndMargo (Sep 18)
- Re: nmap port name question? Austin Jorden (Sep 18)
- Message not available
- Re: nmap port name question? ToddAndMargo (Sep 18)
- Message not available
- Re: nmap port name question? ToddAndMargo (Sep 18)