Nmap Development mailing list archives
please clarify this for me
From: mike <dmciscobgp () hotmail com>
Date: Sat, 24 Oct 2009 01:49:14 +0000
all:

maybe i am not doing something right here, but i am a bit confused with regards to using "version-all | version-intensity 9" flags. i have a service listening i turned on randomly and i noticed something i thought was not looking right. from what i understand, when you set the version to "all" in -sV probing, this should go through EVERY PROBE AVAILABLE IN THE SERVICE PROBE LIST, or does it only go by the port number being referenced to decide what probes go out? what if someone still wanted to (and had the time to kill) see every probe test fired at a service just for testing purposes? apparently i am not seeing this behavior, as you can refer to the following:

the result i found in my case was it went through about only 20 probes when it could not detect the service. should this not have gone through the ENTIRE 1,000 plus probes list to remain accurate?

i would mention the same behavior when calling a connect() scan and i turned on debugging to query a port 445 listening service and the debug output i got back was the following:

***********************************************
Fetchfile found .iax2-version.nse
Fetchfile found ./pptp-version.nse
Fetchfile found ./skype2-version.nse
NSE: Loaded 3 scripts for scanning
***********************************************

it later on started scanning. i mention this because i am a bit lost in the fact that if i am querying 445, what would that have to do with loading skype and pptp scripts to be run? i never even specified a script to be run in this case from NSE. the exact nmap line was this:

nmap -n -v -p 445 -P0 -reason -ttl 64 -sV-max-retries 1 -sT -d3 (target)

is it a default for nmap to load a script even when the user has not made mention of one anyway? i found it really interesting in the output i posted above that the scripts loaded were BEFORE the scanning even started! it loaded 3 scripts supposedly and it never even started scanning 445 to check to see if those scripts were necessary.
i really hope i have not confused everyone. just trying to find out why i see what i see.

i was also wondering if there is a way/will ever be a way to use the wildcard option when it comes to the version probe list. an example like the script="foo*" could be used in the version probes (for all possible snmp probes --version="snmp*", despite the port number having to match. i believe this is what the tool AMAP did for its testing). at least that way i could try and get more probes sent out that for some reason nmap seems to completely skip.

thank you for delving into this. maybe someone already knows about these items

m|ke