Nmap Development mailing list archives

Re: scan results depend on logfile mode???


From: Béla Szekeres (pókusz) <pokusz () gmail com>
Date: Mon, 21 Dec 2015 15:26:32 +0100

Hi Dan,

Thanks for the quick response and fix. By fixing nmap, you also fixed
OpenVAS, which used nmap with this logmode for service detection :-)

Bela

On Sun, Dec 20, 2015 at 6:37 AM, Daniel Miller <bonsaiviking () gmail com>
wrote:

Béla,

Thanks for reporting this! This has apparently been a long-standing bug in
Nmap, which I just fixed with your help in r35536. In an attempt to not
always print "unknown" in a field that could otherwise simply be blank, we
did not print any service info in grepable output if the service did not
have a positively-identified name. Unfortunately, this resulted in
discarding service tunnel info, as you found. I changed the check to also
check for a service tunnel, copying a condition from further on in the same
function that we use for printing the service info in XML.

Dan

On Sat, Dec 19, 2015 at 6:33 PM, Béla Szekeres (pókusz) <pokusz () gmail com>
wrote:

Hi again,

One step ahead. (The ports correctly are 33550 and 33562. Sorry for the
editing.)

The difference between the two ports is that 33550 appears in
nmap-services. If I also include 33562 in nmap-services (even with 0
frequency), it is found as ssl by the service scan even in -oG logmode. If
the port is not included in the file, it is not detected as ssl in -oG, but
detected in -oN logmode. Remember, I specify the ports with -p, so this
file should not matter, as far as I know.

Still the question, why is it scanning differently if the logmode is
different.

Best regards,
Bela Szekeres


On Sat, Dec 19, 2015 at 8:20 PM, Béla Szekeres (pókusz) <pokusz () gmail com>
wrote:

Hi all,


I have a weird problem with nmap which is driving me mad. I'm running
nmap 7.01 on Kali 2.0.

I have a server with 2 SSL ports, both ports are configured identically,
OpenSSL can connect to both ports. If I run nmap to scan the server, the
results depend on the logfile mode...

=================
root@kali:~# nmap -Pn -sV -p3550,3562 -oN  - pi196
# Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV
-p3550,3562 -oN - pi196
Nmap scan report for pi196 (xxx)
Host is up (0.0042s latency).
PORT      STATE SERVICE     VERSION
3550/tcp open  ssl/unknown
3562/tcp open  ssl/unknown

Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
# Nmap done at Sat Dec 19 20:13:18 2015 -- 1 IP address (1 host up)
scanned in 23.72 seconds
=================
root@kali:~# nmap -Pn -sV -p3550,3562 -oG  - pi196
# Nmap 7.01 scan initiated Sat Dec 19 20:13:23 2015 as: nmap -Pn -sV
-p3550,3562 -oG - pi196
Host: xxx (pi196)    Status: Up
Host: xxx (pi196)    Ports: 3550/open/tcp//ssl|unknown///,
3562/open/tcp/////
# Nmap done at Sat Dec 19 20:13:46 2015 -- 1 IP address (1 host up)
scanned in 23.73 seconds
=================

I compared the packet trace of both scans and I see only minimal
differences. Tried to recompile the source but the results are the same.

Any ideas?

Best regards,
Bela Szekeres



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



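The thread above shows the same -sV scan reporting a tunnel ("ssl/unknown") in normal output but an empty service field in grepable output for one of the two ports. Any tool that consumes -oG, as the OpenVAS use mentioned in the thread did, silently inherits that gap. The checker below is an added example, not code from this thread or from the Nmap project: it parses both output formats for the same scan and lists every port whose state, tunnel or service name disagrees between them. The sample text is constructed from the outputs quoted in the thread, with the tab separators of the -oG host line restored and a documentation address in place of the redacted "xxx".

```python
"""Cross-check Nmap -oN and -oG output for the same scan.

Example code, not part of the mailing-list thread or of Nmap itself.
Sample input is constructed from the outputs quoted in the thread.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PortInfo:
    port: int
    proto: str
    state: str
    tunnel: str    # "ssl" when Nmap reported a tunnel, otherwise ""
    service: str   # service name (may be "unknown"); "" if nothing was printed
    version: str


# Normal (-oN) port line, e.g. "3550/tcp open  ssl/unknown" or
# "22/tcp   open  ssh         OpenSSH 6.7p1 (protocol 2.0)"
NORMAL_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def _split_service(svc, sep):
    """Split 'ssl<sep>unknown' into ('ssl', 'unknown'); a bare name has no tunnel."""
    tunnel, found, name = svc.partition(sep)
    return (tunnel, name) if found else ("", tunnel)


def parse_normal(text):
    """Return {(port, proto): PortInfo} from -oN text."""
    ports = {}
    for line in text.splitlines():
        m = NORMAL_RE.match(line.strip())
        if not m:
            continue
        port, proto, state, svc, version = m.groups()
        # A trailing "?" marks an unconfirmed guess in -oN; drop it for comparison.
        tunnel, name = _split_service(svc.rstrip("?"), "/")
        ports[(int(port), proto)] = PortInfo(int(port), proto, state, tunnel, name, version or "")
    return ports


def parse_grepable(text):
    """Return {(port, proto): PortInfo} from -oG text.

    Each 'Ports:' entry is port/state/proto/owner/service/rpc/version/ and a
    tunnel is written into the service field as 'ssl|name' (see the thread).
    """
    ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue
                port, state, proto, _owner, svc, _rpc, version = parts[:7]
                tunnel, name = _split_service(svc, "|")
                ports[(int(port), proto)] = PortInfo(int(port), proto, state, tunnel, name, version)
    return ports


def compare(normal, grepable):
    """Return (key, field, normal_value, grepable_value) for every mismatch."""
    diffs = []
    for key in sorted(set(normal) | set(grepable)):
        if key not in normal or key not in grepable:
            diffs.append((key, "present", key in normal, key in grepable))
            continue
        for field in ("state", "tunnel", "service"):
            nv, gv = getattr(normal[key], field), getattr(grepable[key], field)
            if nv != gv:
                diffs.append((key, field, nv, gv))
    return diffs


# Constructed samples based on the outputs quoted in the thread.
NORMAL_SAMPLE = """\
# Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV -p3550,3562 -oN - pi196
Nmap scan report for pi196 (192.0.2.196)
Host is up (0.0042s latency).
PORT      STATE SERVICE     VERSION
3550/tcp open  ssl/unknown
3562/tcp open  ssl/unknown

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
"""

GREPABLE_SAMPLE = (
    "Host: 192.0.2.196 (pi196)\tStatus: Up\n"
    "Host: 192.0.2.196 (pi196)\tPorts: 3550/open/tcp//ssl|unknown///, 3562/open/tcp/////\n"
)

if __name__ == "__main__":
    for d in compare(parse_normal(NORMAL_SAMPLE), parse_grepable(GREPABLE_SAMPLE)):
        print("mismatch:", d)
```

Run against the two samples, the checker reports port 3562/tcp with tunnel "ssl" and service "unknown" in -oN but both empty in -oG, which is exactly the discrepancy fixed in r35536. Feeding it a real pair of files from a current Nmap (`-oN` and `-oG` of the same -sV run) should produce no mismatches.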
