Nmap Development mailing list archives
Re: service misidentification
From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Thu, 23 Jun 2016 23:38:20 +0300
Hi Phil, Thanks for the suggestion. The .nmap report for v6.47 has: Service scan match (Probe TerminalServer matched with TerminalServer line 11184): x.x.x.x:33896 is ms-wbt-server. Version: |Microsoft Terminal Service||| while the report for v7.12SVN just has: Service scan sending probe TerminalServer to x.x.x.x:33896 (tcp) So I've confirmed that they both send the TerminalServer probe and AFAICT the service probe for TerminalServer has not changed between versions. Why is there a discrepancy between the two versions? - Josh On Thu, Jun 23, 2016 at 11:08 PM, Phil <mainframed767 () gmail com> wrote:
If you turn on verbose debugging (-ddd) you can see which probes are being sent. i.e.: Service scan sending probe GetRequest to 10.10.0.1:443 (tcp) Then you can either search in the terminal or use -oA /tmp/testscan can look at the top of the file /tmp/testscan.nmap to see which probes were sent.On Jun 23, 2016, at 12:59 PM, Josh Amishav-Zlatin <jamuse () gmail com>wrote:When I run nmap v6.47 against an RDP server on a non-standard port, theservice is correctly identified. However, when I run the same command using nmap 7.12SVN the service is not correctly identified. For example:#:/opt/nmap-6.47# ./nmap -A -p 33896 -Pn x.x.x.x ... PORT STATE SERVICE VERSION 33896/tcp open ms-wbt-server Microsoft Terminal Service #:/opt/nmap-7.12SVN# ./nmap -A -p 33896 -Pn x.x.x.x ... PORT STATE SERVICE VERSION 33896/tcp open ssl/unknown I've tried setting the --version-intensity to 9, but no joy. How can Idebug and fix this issue?_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- service misidentification Josh Amishav-Zlatin (Jun 23)
- Re: service misidentification Phil (Jun 23)
- Re: service misidentification Josh Amishav-Zlatin (Jun 23)
- Re: service misidentification Daniel Miller (Jun 23)
- Re: service misidentification Josh Amishav-Zlatin (Jun 24)
- Re: service misidentification Daniel Miller (Jun 27)
- Re: service misidentification Josh Amishav-Zlatin (Jun 27)
- Re: service misidentification Josh Amishav-Zlatin (Jun 29)
- Re: service misidentification Daniel Miller (Jun 29)
- Re: service misidentification Josh Amishav-Zlatin (Jun 24)
- Re: service misidentification Phil (Jun 23)