Re: help interpreting the nmap output

[Corey LeBleu <coreylebleu () gmail com>]

The question mark means that nmap isn't sure if it really is that
service running on that port ...............so it usually indicates
the default service running on that port.  I recommend the tool amap
www.thc.org to identify if it is the correct service.  Unfortunately
amap only runs on Unix-based operating systems.  I just found out
about the tool and really like it so far.  Or, like previously stated,
you could use telnet or netcat to try to communicate with it manually.
 Hope this helps.


Corey


On Wed, 15 Dec 2004 14:39:40 +0100, miguel.dilaj () pharma novartis com
<miguel.dilaj () pharma novartis com> wrote:
> Hi Ivan,
>
> What tool are you using to try to connect? If you were using telnet, try
> netcat to establish a raw connection instead.
> As for the Apache question:
>
> $ nc -vv 192.xxx.yyy.zzz 80
> www.xxxxxxxxxxxxxxxxxx.net [192.xxx.yyy.zzz] 80 (http) open
> HEAD / HTTP/1.1
> Host: www.xxxxxxxxxxxxxxx.net
> [PRESS ENTER TWICE]
>
> HTTP/1.1 200 OK
> Date: Wed, 15 Dec 2004 13:35:21 GMT
> Server: Apache/1.3.27 (Unix)
> Content-Type: text/html
> [PRESS CTRL-C TO STOP]
>
> So basically you connect to port 80 of the host, after successful
> connection type "HEAD / HTTP/1.1", press ENTER, type "Host: {name of the
> website}", press ENTER twice. If everything is OK you'll get a nice banner
> from the server.
> You can try the above. Remember that's possible to tweak Apache in order
> NOT to show the version.
> Cheers,
>
> Miguel Dilaj (Nekromancer)
> Vice-President of IT Security Research, OISSG
>
> "Ivan Fratric" <hacky_2001 () hotmail com>
> 14/12/2004 18:43
>
>        To:     security-basics () securityfocus com
>        cc:     (bcc: Miguel Dilaj/PH/Novartis)
>        Subject:        help interpreting the nmap output
>
>
> Hi,
>
> I'm running nmap on Windows XP. Normally, it works fine (when I use it to
> scan a computer for which I know what services it's running) and returns
> detailed info on the services installed.
> However, I tried to run it on a web server on the Internet and I have
> trouble getting all the info.
> Using -A -T4 options on a server and I receive the following reply
>
> {snip}
>
> So, why the question marks next to the open protocols? Next I tried
> connecting to the telnet and ftp, but I get disconnected straight away. So
> I
> tried to get more info on the http and https by calling nmap with -sV -p
> 80
> or -sV -p 443 options. Since it's a web server it is certainly running
> those
> services. I get something like
>
> 80/tcp    open   Apache httpd
>
> Anyway, no sign of the Apache version. So, how can I find out what version
>
> of the Apache a server is running? What is the best way to proceed from
> here? TIA
>
> _________________________________________________________________
> Don't just search. Find. Check out the new MSN Search!
> http://search.msn.com/