Nmap Development mailing list archives
NSock error when scanning nessusd
From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 13 Jun 2008 17:40:47 -0500
I came across a nessusd instance today that I knew should have a fingerprint but was unidentified by Nmap. Nmap reports the following: PORT STATE SERVICE VERSION 1241/tcp open ssl/unknown After checking that the service response to the probe matched the match line I ran the scan again with -d and -v. I can see where nessus gets a service match here: Service scan match (Probe SSLSessionReq matched with SSLSessionReq): xxx.xxx.xxx.113:1241 is ssl. Version: |Nessus security scanner||| but then it does this: NSOCK (6.2400s) msevent_new (IOD #2) (EID #41) NSOCK (6.2400s) SSL/TCP connection requested to xxx.xxx.xxx.113:1241 (IOD #2) EID 41 NSOCK (6.2400s) msevent_delete (IOD #2) (EID #34) NSOCK (6.2400s) wait_for_events NSOCK (7.3500s) wait_for_events NSOCK (7.3500s) Callback: SSL-CONNECT ERROR [Unknown error (10107)] for EID 41 [xxx.xxx.xxx.113:1241] Got nsock CONNECT response with status ERROR - aborting this service NSOCK (7.3500s) msevent_delete (IOD #2) (EID #41) and gives up the fingerprint of this service. It did this over multiple scans using NMap 4.65 and a version of Nmap checked out of SVN this morning. I have attached a file containing the normal scan output and then another scan using -v -d9 -n -p1241 --version-trace -sV If it matters both hosts are on the same subnet. Version information: Nmap version: Nmap 4.65 Nessus version: nessusd (Nessus) 3.0.6. [build 283] for Linux Tom
Attachment:
nessus_debug.txt
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NSock error when scanning nessusd Tom Sellers (Jun 13)
- Re: NSock error when scanning nessusd Brandon Enright (Jun 13)
- Re: NSock error when scanning nessusd Tom Sellers (Jun 13)
- Re: NSock error when scanning nessusd Brandon Enright (Jun 13)