Nmap Development mailing list archives
Re: tls-nextprotoneg.nse and duckduckgo.com:443
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 14 Nov 2014 23:30:46 -0600
On Fri, Nov 14, 2014 at 7:22 PM, Jacek Wielemborek <d33tah () gmail com> wrote:
Hi,
Below is the -d9 log - I modified the script's debug "Server response was not server_hello." message. By the way, isn't the "Raw packets sent" message a bit confusing since --script="tls-nextprotoneg" generated much more than 44 bytes of IP data? Perhaps something along the lines of "(not including packets generated by connect())" would be appropriate there.
It's an accurate count of *raw* packets. I'm not sure how helpful that metric is, but it's truthful anyway.
$ nmap 176.34.131.233 -p 443 --script="tls-nextprotoneg" -d9 -Pn -n 2>&1
Starting Nmap 6.45 ( http://nmap.org ) at 2014-11-15 02:18 CET
Have you tried a more recent version? I know that we added more ciphersuites to the handshake recently ( http://seclists.org/nmap-dev/2014/q3/119), plus there have been parsing improvements in tls.lua Dan
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- tls-nextprotoneg.nse and duckduckgo.com:443 Jacek Wielemborek (Nov 14)
- Re: tls-nextprotoneg.nse and duckduckgo.com:443 Daniel Miller (Nov 14)
- Re: tls-nextprotoneg.nse and duckduckgo.com:443 Jacek Wielemborek (Nov 14)
- Re: tls-nextprotoneg.nse and duckduckgo.com:443 Daniel Miller (Nov 14)