Nmap Development mailing list archives

Re: service misidentification


From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Thu, 23 Jun 2016 23:38:20 +0300

Hi Phil,

Thanks for the suggestion. The .nmap report for v6.47 has:
Service scan match (Probe TerminalServer matched with TerminalServer line
11184): x.x.x.x:33896 is ms-wbt-server.  Version: |Microsoft Terminal
Service|||

while the report for v7.12SVN just has:
Service scan sending probe TerminalServer to x.x.x.x:33896 (tcp)

So I've confirmed that they both send the TerminalServer probe and AFAICT
the service probe for TerminalServer has not changed between versions. Why
is there a discrepancy between the two versions?

- Josh

On Thu, Jun 23, 2016 at 11:08 PM, Phil <mainframed767 () gmail com> wrote:

If you turn on verbose debugging (-ddd) you can see which probes are being
sent.

i.e.: Service scan sending probe GetRequest to 10.10.0.1:443 (tcp)

Then you can either search in the terminal or use -oA /tmp/testscan and
look at the top of the file /tmp/testscan.nmap to see which probes were
sent.


On Jun 23, 2016, at 12:59 PM, Josh Amishav-Zlatin <jamuse () gmail com>
wrote:

When I run nmap v6.47 against an RDP server on a non-standard port, the
service is correctly identified. However, when I run the same command using
nmap 7.12SVN the service is not correctly identified. For example:

#:/opt/nmap-6.47# ./nmap -A -p 33896 -Pn x.x.x.x
...
PORT      STATE SERVICE       VERSION
33896/tcp open  ms-wbt-server Microsoft Terminal Service

#:/opt/nmap-7.12SVN# ./nmap -A -p 33896 -Pn x.x.x.x
...
PORT      STATE SERVICE       VERSION
33896/tcp open  ssl/unknown

I've tried setting the --version-intensity to 9, but no joy. How can I
debug and fix this issue?
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
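
An added example, not part of the original thread or of Nmap itself: a small Python script that automates the comparison done by hand above, listing probes that were sent in both runs but produced a match only in the older one. It assumes the -ddd line formats are exactly as quoted in the messages; the function names are hypothetical and the sample text is constructed from the quoted lines.

```python
import re

# Line formats as they appear in the -ddd output quoted in the thread.
SENT = re.compile(r"Service scan sending probe (\S+) to (\S+):(\d+) \((\w+)\)")
MATCH = re.compile(
    r"Service scan match \(Probe (\S+) matched with (\S+) line (\d+)\): "
    r"(\S+):(\d+) is (\S+)\. Version: \|([^|]*)\|")

def probe_outcomes(debug_text):
    """Return {(host, port): {probe: match-dict or None}} for one run."""
    # Long lines get wrapped by terminals and mail clients; undo that first.
    flat = re.sub(r"\s+", " ", debug_text)
    seen = {}
    for probe, host, port, _proto in SENT.findall(flat):
        seen.setdefault((host, int(port)), {}).setdefault(probe, None)
    for probe, via, line, host, port, service, product in MATCH.findall(flat):
        seen.setdefault((host, int(port)), {})[probe] = {
            "matched_with": via, "match_line": int(line),
            "service": service, "product": product}
    return seen

def lost_matches(old_text, new_text):
    """Probes sent in both runs that matched only in the old run."""
    old, new = probe_outcomes(old_text), probe_outcomes(new_text)
    lost = []
    for target, probes in old.items():
        for probe, hit in probes.items():
            if hit and probe in new.get(target, {}) and new[target][probe] is None:
                lost.append((target, probe, hit))
    return lost

# Constructed sample input, built from the lines quoted in the thread.
OLD_RUN = """Service scan sending probe TerminalServer to x.x.x.x:33896 (tcp)
Service scan match (Probe TerminalServer matched with TerminalServer line
11184): x.x.x.x:33896 is ms-wbt-server.  Version: |Microsoft Terminal
Service|||"""
NEW_RUN = "Service scan sending probe TerminalServer to x.x.x.x:33896 (tcp)"

if __name__ == "__main__":
    for (host, port), probe, hit in lost_matches(OLD_RUN, NEW_RUN):
        print(f"{host}:{port} probe {probe}: old run matched line "
              f"{hit['match_line']} ({hit['service']}), new run got no match")
```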

