Nmap Development mailing list archives

Re: scan results depend on logfile mode???


From: Béla Szekeres (pókusz) <pokusz () gmail com>
Date: Sun, 20 Dec 2015 01:33:47 +0100

Hi again,

One step ahead. (The correct ports are 33550 and 33562. Sorry for the
editing mistake.)

The difference between the two ports is that 33550 appears in
nmap-services. If I also include 33562 in nmap-services (even with 0
frequency), it is found as ssl by the service scan even in -oG log mode. If
the port is not included in the file, it is not detected as ssl in -oG, but
it is detected in -oN log mode. Remember, I specify the ports with -p, so this
file should not matter, as far as I know.

The question still stands: why does it scan differently if the log mode is
different?

Best regards,
Bela Szekeres


On Sat, Dec 19, 2015 at 8:20 PM, Béla Szekeres (pókusz) <pokusz () gmail com>
wrote:

Hi all,


I have a weird problem with nmap which is driving me mad. I'm running nmap
7.01 on Kali 2.0.

I have a server with 2 SSL ports, both ports are configured identically,
OpenSSL can connect to both ports. If I run nmap to scan the server, the
results depend on the logfile mode...

=================
root@kali:~# nmap -Pn -sV -p3550,3562 -oN  - pi196
# Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV
-p3550,3562 -oN - pi196
Nmap scan report for pi196 (xxx)
Host is up (0.0042s latency).
PORT      STATE SERVICE     VERSION
3550/tcp open  ssl/unknown
3562/tcp open  ssl/unknown

Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
# Nmap done at Sat Dec 19 20:13:18 2015 -- 1 IP address (1 host up)
scanned in 23.72 seconds
=================
root@kali:~# nmap -Pn -sV -p3550,3562 -oG  - pi196
# Nmap 7.01 scan initiated Sat Dec 19 20:13:23 2015 as: nmap -Pn -sV
-p3550,3562 -oG - pi196
Host: xxx (pi196)    Status: Up
Host: xxx (pi196)    Ports: 3550/open/tcp//ssl|unknown///,
3562/open/tcp/////
# Nmap done at Sat Dec 19 20:13:46 2015 -- 1 IP address (1 host up)
scanned in 23.73 seconds
=================

I compared the packet traces of both scans and see only minimal
differences. I tried recompiling from source, but the results are the same.

Any ideas?

Best regards,
Bela Szekeres

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
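To check the observation in this thread against a concrete nmap-services file and a grepable scan line, here is an added example. It is my code, not the poster's and not part of Nmap. It parses the nmap-services table format (service name, port/proto, open-frequency, optional comment) and the seven-field `port/state/proto/owner/service/rpc/version/` entries of the -oG `Ports:` field, then reports for each scanned port whether the table lists it and whether the scan filled in the service column (including the `ssl|unknown` tunnel notation seen above). The nmap-services lines below are constructed sample data with made-up frequencies; the grepable line is the one from the -oG scan above, joined onto a single line.

```python
"""Parse nmap-services and the -oG "Ports:" field, then cross-check them.

Added example for this thread; not code from Nmap or from the poster.
All sample data below is constructed for illustration.
"""
import re

# Constructed sample in nmap-services format: name<ws>port/proto<ws>frequency [# comment]
# Frequencies are made up; 3550 is listed, 3562 deliberately is not,
# mirroring the poster's observation.
SAMPLE_NMAP_SERVICES = """\
# service name   port/proto   open-frequency   comment
http\t80/tcp\t0.484143\t# World Wide Web HTTP
https\t443/tcp\t0.208669\t# secure http (SSL)
unknown\t3550/tcp\t0.000076
"""

# The -oG host line from the scan above, joined onto one line.
SAMPLE_GREPABLE = (
    "Host: xxx (pi196)    Ports: 3550/open/tcp//ssl|unknown///, 3562/open/tcp/////"
)

_SERVICE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp|sctp)\s+([0-9.]+)")


def parse_nmap_services(text):
    """Return {(port, proto): (name, frequency)} from nmap-services text.

    Blank lines, comment lines and lines that do not fit the format are skipped.
    """
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _SERVICE_RE.match(line)
        if m is None:
            continue
        name, port, proto, freq = m.groups()
        table[(int(port), proto)] = (name, float(freq))
    return table


GREPABLE_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_grepable_ports(line):
    """Parse the 'Ports:' section of one -oG host line into a list of dicts.

    Each entry is 'port/state/proto/owner/service/rpc/version/' (seven fields,
    trailing slash); entries are comma-separated. A service of the form
    'ssl|unknown' means nmap saw an SSL tunnel around the (unidentified) service.
    """
    if "Ports:" not in line:
        return []
    section = line.split("Ports:", 1)[1].split("Ignored State:", 1)[0]
    entries = []
    for raw in section.split(","):
        raw = raw.strip()
        if not raw:
            continue
        if raw.endswith("/"):
            raw = raw[:-1]  # drop the terminating slash, keeping empty fields
        fields = raw.split("/")
        if len(fields) != len(GREPABLE_FIELDS):
            raise ValueError(f"unexpected port entry: {raw!r}")
        entry = dict(zip(GREPABLE_FIELDS, fields))
        entry["port"] = int(entry["port"])
        tunnel, _, service = entry["service"].rpartition("|")
        entry["tunnel"] = tunnel or None     # e.g. 'ssl'
        entry["service"] = service or None   # e.g. 'unknown'; None if blank
        entries.append(entry)
    return entries


def explain_service_gaps(grepable_line, services_text):
    """For each port in the -oG line, return (port, listed_in_services, tunnel, service).

    A port that nmap-services lists but whose service column is blank, or the
    reverse, is the kind of discrepancy the thread is chasing.
    """
    table = parse_nmap_services(services_text)
    report = []
    for e in parse_grepable_ports(grepable_line):
        listed = (e["port"], e["proto"]) in table
        report.append((e["port"], listed, e["tunnel"], e["service"]))
    return report


if __name__ == "__main__":
    for port, listed, tunnel, service in explain_service_gaps(SAMPLE_GREPABLE, SAMPLE_NMAP_SERVICES):
        print(f"{port}/tcp listed_in_nmap-services={listed} tunnel={tunnel} service={service}")
```

To run this against real data, feed `parse_nmap_services` the contents of the nmap-services file from your Nmap data directory and `parse_grepable_ports` a host line from an `-oG` run; comparing the report for an `-oN` and an `-oG` run of the same target makes the per-port difference explicit.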
