Nmap Development mailing list archives

please clarify this for me


From: mike <dmciscobgp () hotmail com>
Date: Sat, 24 Oct 2009 01:49:14 +0000


all:

Maybe I am not doing something right here, but I am a bit confused with regard to using the "--version-all | --version-intensity 9" flags. I have a service listening that I turned on randomly, and I noticed something I thought was not looking right. From what I understand, when you set the version to "all" in -sV probing, this should go through EVERY PROBE AVAILABLE IN THE SERVICE PROBE LIST, or does it only go by the port number being referenced to decide what probes go out? What if someone still wanted to (and had the time to kill) see every probe test fired at a service just for testing purposes? Apparently I am not seeing this behavior, as you can refer to the following:

The result I found in my case was that it went through only about 20 probes when it could not detect the service. Should this not have gone through the ENTIRE 1,000-plus probe list to remain accurate? I would mention the same behavior when calling a connect() scan: I turned on debugging to query a port 445 listening service, and the debug output I got back was the following:


***********************************************

Fetchfile found .iax2-version.nse

Fetchfile found ./pptp-version.nse

Fetchfile found ./skype2-version.nse

NSE: Loaded 3 scripts for scanning

***********************************************

It later on started scanning. I mention this because I am a bit lost as to the fact that if I am querying 445, what would that have to do with loading Skype and PPTP scripts to be run? I never even specified a script to be run in this case from NSE. The exact nmap line was this:

nmap -n -v -p 445 -P0 --reason --ttl 64 -sV --max-retries 1 -sT -d3 (target)

Is it a default for nmap to load a script even when the user has not mentioned one anyway? I found it really interesting in the output I posted above that the scripts were loaded BEFORE the scanning even started! It loaded 3 scripts supposedly, and it never even started scanning 445 to check whether those scripts were necessary. I really hope I have not confused everyone; I am just trying to find out why I see what I see. I was also wondering if there is a way, or will ever be a way, to use the wildcard option when it comes to the version probe list. Something like script="foo*" could be used in the version probes (for all possible SNMP probes, --version="snmp*", despite the port number having to match; I believe this is what the tool AMAP did for its testing). At least that way I could try and get more probes sent out that for some reason nmap seems to completely skip. Thank you for delving into this. Maybe someone already knows about these items.


m|ke
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
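Added example, not Nmap's code and not from this thread: a small Python model of how probes get chosen from an nmap-service-probes style file, following the rule the file format documents, namely that the TCP NULL probe is always sent, and any other probe is sent when the target port appears in its ports directive or when its rarity is at or below the requested --version-intensity (--version-all means intensity 9). The probe definitions, rarity values, payloads and match lines below are constructed for the example rather than copied from the real file, and the send order is a simplification of Nmap's. The model also counts match lines separately from probes, since in the real file those two numbers differ by more than an order of magnitude.

```python
"""Model of probe selection from an nmap-service-probes style file.

Added example, not Nmap's code.  Rule modelled (per the file format's
documentation): the TCP NULL probe is always sent; another probe is sent
when the port is in its `ports` directive, or when its `rarity` is <= the
requested intensity (--version-all == intensity 9).  Send order here is a
simplification: NULL, then port-listed probes, then the rest by rarity.
"""
import re

# Constructed excerpt in nmap-service-probes syntax.  Names follow the real
# file's style, but payloads, rarity values and match lines are simplified
# placeholders written for this example.
PROBE_FILE = r"""
Probe TCP NULL q||
rarity 1
match ftp m|^220 .*FTP| p/Generic FTP/
match smtp m|^220 .*SMTP|i p/Generic SMTP/

Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n|
rarity 1
ports 80,443,8000-8080
match http m|^HTTP/1\.[01] \d\d\d| p/HTTP server/

Probe TCP SMBProgNeg q|\0\0\0\x2f\xffSMBr|
rarity 4
ports 139,445
match microsoft-ds m|^\0\0\0.\xffSMB| p/Microsoft Windows SMB/

Probe TCP Kerberos q|\0\0\0\x71\x6a\x81\x6e|
rarity 7
ports 88
match kerberos-sec m|^\0\0\0.\x7e| p/Kerberos/

Probe TCP ObscureLegacy q|HELLO\r\n|
rarity 9
match obscure m|^OBSCURE| p/Constructed legacy daemon/
"""


def expand_ports(spec):
    """'80,443,8000-8080' -> set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_probes(text):
    """Parse Probe / rarity / ports / match lines into a list of dicts."""
    probes, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Probe "):
            m = re.match(r"Probe (TCP|UDP) (\S+) q\|(.*)\|$", line)
            cur = {"proto": m.group(1), "name": m.group(2), "payload": m.group(3),
                   "rarity": 1, "ports": set(), "matches": []}
            probes.append(cur)
        elif line.startswith("rarity "):
            cur["rarity"] = int(line.split()[1])
        elif line.startswith("ports "):
            cur["ports"] |= expand_ports(line.split(None, 1)[1])
        elif line.startswith("match "):
            # match <service> m|<regex>|<flags> p/<product>/ ...
            m = re.match(r"match (\S+) m\|(.*?)\|(\w*)\s*(.*)$", line)
            flags = (re.I if "i" in m.group(3) else 0) | (re.S if "s" in m.group(3) else 0)
            prod = re.search(r"p/([^/]*)/", m.group(4))
            cur["matches"].append((m.group(1), re.compile(m.group(2), flags),
                                   prod.group(1) if prod else ""))
    return probes


def select_probes(probes, port, proto="TCP", intensity=7):
    """Names of the probes this model would send against proto/port."""
    chosen = [p for p in probes if p["proto"] == proto and
              (p["name"] == "NULL" or port in p["ports"] or p["rarity"] <= intensity)]
    chosen.sort(key=lambda p: (p["name"] != "NULL", port not in p["ports"], p["rarity"]))
    return [p["name"] for p in chosen]


def identify(probe, response):
    """Run one probe's match lines over the raw response it got back."""
    text = response.decode("latin-1")  # keeps \xff style patterns byte-for-byte
    for service, rx, product in probe["matches"]:
        if rx.search(text):
            return service, product
    return None


def count_match_lines(probes):
    return sum(len(p["matches"]) for p in probes)


def probe_by_name(probes, name):
    return next(p for p in probes if p["name"] == name)


if __name__ == "__main__":
    probes = parse_probes(PROBE_FILE)
    print(f"{len(probes)} probes, {count_match_lines(probes)} match lines")
    for level in (2, 7, 9):
        print(f"port 445/tcp, intensity {level}: {select_probes(probes, 445, intensity=level)}")
    smb = probe_by_name(probes, "SMBProgNeg")
    print(identify(smb, b"\x00\x00\x00\x55\xffSMBr\x00"))  # constructed SMB-style reply
```

With the constructed file, port 445 at the default intensity gets four of the five probes, and only intensity 9 pulls in the rarity-9 one; a port listed in a probe's ports directive (8080 for GetRequest here) gets that probe even at intensity 0. The number of match lines is what grows into the thousands in the real file; the number of probes stays far smaller, so a short probe list in debug output is not by itself a sign that match lines were skipped.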