Nmap Development mailing list archives

Re: Comments on OS detection 2nd generation (soft fingerprinting)


From: Fyodor <fyodor () insecure org>
Date: Sat, 27 May 2006 00:50:16 -0700

On Sat, May 27, 2006 at 12:40:23AM -0400, Joshua D. Abraham wrote:

> What I was suggesting is that the user may want to verify the
> version detection and sometimes the banner is a useful way of
> doing so.

Another good way is the --version-trace option, which shows the data
sent and received in real time.  For example:

syn~>nmap -sV --version-trace -p22 scanme.nmap.org

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-27 00:44 PDT
Hostupdate called for machine 205.217.153.62 state UNKNOWN/COMBO -> HOST_UP (trynum 0, dotimeadj: yes time: 271)
Finished block: srtt: 393 rttvar: 5000 timeout: 100000 block_tries: 1 up_this_block: 1 down_this_block: 0 group_sz: 1
massping done:  num_hosts: 1  num_responses: 1
mass_rdns: Using DNS server 127.0.0.1
mass_rdns: Using DNS server 205.217.152.16
Performing system-dns for 1 domain names that use CNAMEs
DNS resolution of 1 IPs took 0.20s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 1]
NSOCK (0.3900s) TCP connection requested to 205.217.153.62:22 (IOD #1) EID 8
NSOCK (0.3940s) nsock_loop() started (no timeout). 1 events pending
NSOCK (0.3940s) Callback: CONNECT SUCCESS for EID 8 [205.217.153.62:22]
NSOCK (0.3940s) Read request from IOD #1 [205.217.153.62:22] (timeout: 6000ms) EID 18
NSOCK (0.3980s) Callback: READ SUCCESS for EID 18 [205.217.153.62:22] (20 bytes): SSH-2.0-OpenSSH_4.3.
Starting RPC scan against scanme.nmap.org (205.217.153.62)
Interesting ports on scanme.nmap.org (205.217.153.62):
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
Final times for host: srtt: 372 rttvar: 3791  to: 100000

Nmap finished: 1 IP address (1 host up) scanned in 0.401 seconds
syn~>


Cheers,
Fyodor
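
An added example (not from the thread): a small parser for the SSH identification string that the trace above shows arriving as 20 bytes, rendered the way the `Interesting ports` line reports it. It assumes, from the byte count, that the trailing `.` in the NSOCK read line is the newline printed as a non-printable character; the second banner below is constructed.

```python
"""Parse SSH identification strings (RFC 4253, section 4.2) such as the
banner captured by --version-trace, and render them like nmap's VERSION
column so a trace can be checked against the reported version."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class SshIdent:
    protoversion: str
    softwareversion: str
    comments: Optional[str]


def parse_ssh_ident(raw: bytes) -> SshIdent:
    """raw is exactly what the server sent, line terminator included.
    Format: SSH-protoversion-softwareversion [SP comments] CR LF
    (the server in the trace ends the line with a bare LF)."""
    line = raw.rstrip(b"\r\n")
    if not line.startswith(b"SSH-"):
        raise ValueError("not an SSH identification string")
    # protoversion and softwareversion may not contain '-' or SP, but the
    # comments field may, so split on '-' at most twice.
    parts = line.split(b"-", 2)
    if len(parts) != 3:
        raise ValueError("malformed identification string")
    software, _, comments = parts[2].partition(b" ")
    return SshIdent(parts[1].decode("ascii"),
                    software.decode("ascii", "replace"),
                    comments.decode("ascii", "replace") or None)


def nmap_style(ident: SshIdent) -> str:
    """Approximate the VERSION column for an OpenSSH banner, e.g.
    'OpenSSH 4.3 (protocol 2.0)'. This mimics the output in the trace; it
    is not nmap's service probe database (assumption, not nmap code)."""
    product, _, version = ident.softwareversion.partition("_")
    return f"{product} {version}".strip() + f" (protocol {ident.protoversion})"


def trace_render(raw: bytes) -> str:
    """Render bytes the way the READ SUCCESS line appears to: printable
    ASCII as-is, anything else as '.'. With the LF this gives exactly
    the 20-byte 'SSH-2.0-OpenSSH_4.3.' seen above."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


if __name__ == "__main__":
    banner = b"SSH-2.0-OpenSSH_4.3\n"          # as captured in the trace
    print(len(banner), trace_render(banner))
    print(nmap_style(parse_ssh_ident(banner)))
```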


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

