Nmap Development mailing list archives
Re: some ssl version scanning not working
From: David Fifield <david () bamsoftware com>
Date: Mon, 3 Jan 2011 10:34:48 -0800
On Mon, Jan 03, 2011 at 01:31:28PM -0500, Matt Selsky wrote:
On Jan 1, 2011, at 8:20 PM, David Fifield wrote:On Fri, Dec 31, 2010 at 03:14:13AM -0500, Matt Selsky wrote:I'm having trouble scanning some SSL services (Oracle Enterprise Manager agents in this case) that used to work. I'm running svn trunk... $ ./nmap --datadir . -sV -p3872 -d angelica Starting Nmap 5.36TEST3 ( http://nmap.org ) at 2010-12-31 02:58 EST --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Loaded 8 scripts for scanning. Initiating Ping Scan at 02:58 Scanning angelica (10.59.213.70) [2 ports] Completed Ping Scan at 02:58, 0.00s elapsed (1 total hosts) Overall sending rates: 2980.63 packets / s. mass_rdns: Using DNS server 10.59.59.70 mass_rdns: Using DNS server 10.59.62.10 Initiating Parallel DNS resolution of 1 host. at 02:58 mass_rdns: 0.01s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 02:58, 0.01s elapsed DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0] Initiating Connect Scan at 02:58 Scanning angelica (10.59.213.70) [1 port] Discovered open port 3872/tcp on 128.59.213.70 Completed Connect Scan at 02:58, 0.00s elapsed (1 total ports) Overall sending rates: 1396.65 packets / s. Initiating Service scan at 02:58 Scanning 1 service on angelica (10.59.213.70) Got nsock CONNECT response with status ERROR - aborting this serviceDo you think this is the same error you were getting with ssl-cert.nse? http://seclists.org/nmap-dev/2010/q4/71 It would be a big help if you can identify a revision when this started happening.r19801 broke things for the Google Search appliance scan. "Let nmap.connect take a host table and port table in place of a string and an integer. This is going to be used to easily support Server Name Indication for SSL connections." I'm still working out what commit broke the OEM agent probe.
Good work. I'll check it out. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: some ssl version scanning not working David Fifield (Jan 01)
- Re: some ssl version scanning not working Matt Selsky (Jan 03)
- Re: some ssl version scanning not working David Fifield (Jan 03)
- Re: some ssl version scanning not working Matt Selsky (Jan 23)
- Re: some ssl version scanning not working [patch] Matt Selsky (Jan 23)
- Re: some ssl version scanning not working David Fifield (Jan 03)
- Re: some ssl version scanning not working Matt Selsky (Jan 03)