Nmap Development mailing list archives
fingerprint and port additions, question
From: "Jeremy M. Dolan" <jmd () pobox com>
Date: Sun, 21 Oct 2001 04:06:29 -0500
I sent this about two months ago, never got an error back, and never
saw it end up in the web archive, so I don't know what happened. Here
it comes again.
----------------------------------------------------------------------
Fingerprint addition:
Submitted by: "Jeremy M. Dolan" <jmd () pobox com>
OS type: Copper Mountain Networks CopperEdge200 DSL Concentrator (Jan
13 2000, 21:27:54 build)
IP Address: 216.233.173.137
Remote operating system guess: HP j4813A ProCurve Switch 2524
OS Fingerprint:
TSeq(Class=64K%IPID=I%TS=U)
T1(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
T2(Resp=N)
T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=2000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
TCP Sequence Prediction: Class=64K rule
Difficulty=1 (Trivial joke)
TCP ISN Seq. Numbers: 3DCF4FBD 3DD049BD 3DD337BD 3DD431BD 3DD52BBD 3DD625BD
IPID Sequence Generation: Incremental
nmap is guessing wrong, you can telnet to it and its banner verifies.
Some docs on this piece of equipment:
http://coppermountain.com/library/datasheets/pdf/10200ds.pdf
----------------------------------------------------------------------
Some ports I'd like to see added to nmap-services:
26000/udp quake # Quake game server
26900/udp hexen2 # Hexen 2 game server
27015/udp halflife # Half-life game server
27500/udp quakeworld # QuakeWorld game server
27910/udp quake2 # Quake 2 game server
27960/udp quake3 # Quake 3 arena game server
28910/udp heretic2 # Heretic 2 game server
6346/tcp gnutella # Gnutella file sharing protocol
27374/tcp sub7trojan # Sub7 backdoor trojan
And these should be changed from:
vnc 5800/tcp
vnc 5801/tcp
vnc 5900/tcp # Virtual Network Computer
vnc-1 5901/tcp # Virtual Network Computer Display :1
vnc-2 5902/tcp # Virtual Network Computer Display :2
to:
vnc 5800/tcp # Virtual Network Computer display 0
vnc-1 5801/tcp # Virtual Network Computer display 1
vnc-2 5802/tcp # Virtual Network Computer display 2
vnc-http 5900/tcp # Virtual Network Computer HTTP access, display 0
vnc-http-1 5901/tcp # Virtual Network Computer HTTP access, display 1
vnc-http-2 5902/tcp # Virtual Network Computer HTTP access, display 2
----------------------------------------------------------------------
Are there any plans for MSRPC support, like -sR does SunRPC? And will
nmap eventually (or is there another program, maybe) that will poke a
specific port sending commands and listening for responses to try and
tell what server is running? (Rather than guessing just based on port
number)
Keep up the good work,
/jmd
--
Jeremy M. Dolan <mailto:jmd () pobox com> <http://turbogeek.org/>
PGP: 1024D/DC433DEE 494C 7A6E 19FB 026A 1F52 E0D5 5C5D 6228 DC43 3DEE
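
Added example (not part of the original post and not Nmap's own code): a small parser for the Name(key=value%key=value) fingerprint lines quoted in the message, plus a check of the listed ISN samples against the "64K rule" class. It assumes that class means every ISN step is a multiple of 64000; the function names are hypothetical.

```python
import re
from functools import reduce
from math import gcd

# Fingerprint lines copied from the message above (subset of the tests).
FINGERPRINT = """\
TSeq(Class=64K%IPID=I%TS=U)
T1(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
T2(Resp=N)
T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
"""
# ISN samples copied from the message above.
ISNS = "3DCF4FBD 3DD049BD 3DD337BD 3DD431BD 3DD52BBD 3DD625BD"

LINE_RE = re.compile(r"^(\w+)\((.*)\)$")

def parse_fingerprint(text):
    """Return {test_name: {attribute: value}} for each 'Name(k=v%k=v)' line."""
    tests = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a test line
        name, body = m.groups()
        attrs = {}
        for field in filter(None, body.split("%")):
            key, _, value = field.partition("=")
            attrs[key] = value  # an empty value (e.g. 'Ops=') is kept as ''
        tests[name] = attrs
    return tests

def isn_deltas(hex_isns):
    """Steps between consecutive ISNs, modulo 2**32 so wraparound is handled."""
    vals = [int(h, 16) for h in hex_isns.split()]
    return [(b - a) % 2**32 for a, b in zip(vals, vals[1:])]

def step_gcd(deltas):
    """Greatest common divisor of all ISN steps."""
    return reduce(gcd, deltas)

def is_64k_class(deltas):
    """Assumed rule: every step is a non-zero multiple of 64000."""
    return bool(deltas) and all(d and d % 64000 == 0 for d in deltas)

if __name__ == "__main__":
    deltas = isn_deltas(ISNS)
    print(parse_fingerprint(FINGERPRINT)["TSeq"])
    print(deltas, step_gcd(deltas), is_64k_class(deltas))
```
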
Current thread:
- fingerprint and port additions, question Jeremy M. Dolan (Oct 21)
- Re: fingerprint and port additions, question H D Moore (Oct 21)
- Re: fingerprint and port additions, question Fyodor (Dec 29)
