Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sniffer-detect.nse --->windows XP SP3.-

From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Thu, 12 Aug 2010 10:40:43 +0800
As far as I know,  Nmap will tell you "Sniffer found" whenever you
scan a host with commercial firewall/AV installed (They're intercept
most traffic) or scan a wireless AP.
Guys, correct me if I'm wrong.


On Thu, Aug 12, 2010 at 6:08 AM, D.Cba. Cba. <danielcba () hotmail com> wrote:



Hi List,
I have not installed a sniffer, but

nmap -T4 -script sniffer-detect.nse -O 10.190.100.62
Starting Nmap 5.00 ( http://nmap.org ) at 2010-08-11 14:03 ART
Interesting ports on 10.190.100.62:
Not shown: 991 filtered ports
PORT      STATE  SERVICE
135/tcp   open   msrpc
139/tcp   open   netbios-ssn
445/tcp   open   microsoft-ds
2869/tcp  closed unknown
2967/tcp  closed symantec-av
3389/tcp  open   ms-term-serv
6129/tcp  closed unknown
10243/tcp closed unknown
55821/tcp open   OfficeScan
MAC Address: 00:21:6B:5B:DA:F6 (Intel Corporate)
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows XP|2000|2003 (91%)
Aggressive OS guesses: Microsoft Windows XP SP3 (91%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP2 or 
SP3 (86%), Microsoft Windows 2000 SP4 or Windows XP SP2 or SP3 (86%), Microsoft Windows XP Professional SP1 (86%), 
Microsoft Windows 2003 Small Business Server (85%), Microsoft Windows XP Professional SP2 (85%), Microsoft Windows 
Server 2003 SP2 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

Host script results:
|_ sniffer-detect: Unknown (tests: "________")

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.62 seconds


I should check better target windows? or is a common mistake.
Saludos.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: