Nmap Development mailing list archives
Re: some ssl version scanning not working
From: Matt Selsky <selsky () columbia edu>
Date: Mon, 3 Jan 2011 13:31:28 -0500
On Jan 1, 2011, at 8:20 PM, David Fifield wrote:
On Fri, Dec 31, 2010 at 03:14:13AM -0500, Matt Selsky wrote:I'm having trouble scanning some SSL services (Oracle Enterprise Manager agents in this case) that used to work. I'm running svn trunk... $ ./nmap --datadir . -sV -p3872 -d angelica Starting Nmap 5.36TEST3 ( http://nmap.org ) at 2010-12-31 02:58 EST --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Loaded 8 scripts for scanning. Initiating Ping Scan at 02:58 Scanning angelica (10.59.213.70) [2 ports] Completed Ping Scan at 02:58, 0.00s elapsed (1 total hosts) Overall sending rates: 2980.63 packets / s. mass_rdns: Using DNS server 10.59.59.70 mass_rdns: Using DNS server 10.59.62.10 Initiating Parallel DNS resolution of 1 host. at 02:58 mass_rdns: 0.01s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 02:58, 0.01s elapsed DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0] Initiating Connect Scan at 02:58 Scanning angelica (10.59.213.70) [1 port] Discovered open port 3872/tcp on 128.59.213.70 Completed Connect Scan at 02:58, 0.00s elapsed (1 total ports) Overall sending rates: 1396.65 packets / s. Initiating Service scan at 02:58 Scanning 1 service on angelica (10.59.213.70) Got nsock CONNECT response with status ERROR - aborting this serviceDo you think this is the same error you were getting with ssl-cert.nse? http://seclists.org/nmap-dev/2010/q4/71 It would be a big help if you can identify a revision when this started happening.
r19801 broke things for the Google Search appliance scan. "Let nmap.connect take a host table and port table in place of a string and an integer. This is going to be used to easily support Server Name Indication for SSL connections." I'm still working out what commit broke the OEM agent probe. -- Matt _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: some ssl version scanning not working David Fifield (Jan 01)
- Re: some ssl version scanning not working Matt Selsky (Jan 03)
- Re: some ssl version scanning not working David Fifield (Jan 03)
- Re: some ssl version scanning not working Matt Selsky (Jan 23)
- Re: some ssl version scanning not working [patch] Matt Selsky (Jan 23)
- Re: some ssl version scanning not working David Fifield (Jan 03)
- Re: some ssl version scanning not working Matt Selsky (Jan 03)