Penetration Testing mailing list archives
Re: Nmap output
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Fri, 21 Nov 2008 13:03:12 +0530
Hello Maash,

I appreciate you tried the same parameters on Ubuntu, i.e. a Linux operating system. However, it wouldn't be possible that NMap didn't provide you with any OS guess. If Nmap is not sure of the remote operating system, then it would provide you with a list of operating systems based on its level of guesses.

For version detection, you would have to provide the '-v' switch of Nmap along with the options you already provided. Else, to perform both operating system guess and version detection (with script scan and traceroute) in one go, you can use the '-A' switch of Nmap.

As far as open ports reporting of Nmap is concerned, you can check which Nmap (I mean from Microsoft Windows and UNIX/Linux) is providing you correct results, by executing Nmap from both these systems and then verifying the results manually by TELNETting to those open ports on the remote system.

However, there is no doubt that NMap as a product is a wonderful, powerful and reliable port scanning tool. Fyodor and his team are making utmost efforts to make sure that no version of Nmap (may that be on Microsoft Windows or UNIX/Linux) provides any false positive results.

---
NIKHIL WAGHOLIKAR
Practice Lead | Security Assessment and Digital Forensics
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html

2008/11/21 Maash <maash.rajani () gmail com>:
> I tried the same parameters on Ubuntu; this time nmap does not detect any OS, versions or port. Which is more reliable, the Windows scan results or the Linux ones, and why?
>
> On Thu, Nov 20, 2008 at 3:33 PM, Nikhil Wagholikar <visitnikhil () gmail com> wrote:
>> Hello Maash,
>>
>> I agree with Taufiq's point. Fragmentation is just one technique to evade firewalls, IDS/IPS etc. NMap was originally developed keeping in mind the UNIX/Linux operating system. Later, it was ported to Microsoft Windows. So there are lots of switches/options in NMap which run better in a UNIX/Linux environment than on Microsoft Windows. One of the options is 'fragmentation'.
>>
>> I would suggest you run the same scan from a UNIX/Linux based system, i.e. install NMap on a UNIX/Linux system and then run the same scan. I am sure you'll get near to perfect results from it.
>>
>> Best of Luck !!
>>
>> ---
>> NIKHIL WAGHOLIKAR
>> Practice Lead | Security Assessment and Digital Forensics
>> NII Consulting
>> Web: http://www.niiconsulting.com/
>> Security Products: http://www.niiconsulting.com/products.html
>>
>> 2008/11/20 <maash.rajani () gmail com>:
>>> I scanned a host with nmap using two sets of parameters.
>>>
>>> 1) nmap -P0 -f -O 192.168.100.44
>>>
>>> Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
>>> All 1690 scanned ports on host233-226.xxxx.xxx.xx (192.168.100.44) are filtered
>>> Device type: specialized|switch|WAP|printer|general purpose
>>> Running: Cisco IOS 12.X, D-Link embedded, Ember embedded, IBM embedded, Lexmark embedded, Minix
>>> OS details: Cisco DOCSIS cable modem termination server running IOS 12.1, Cisco Catalyst 6509 running IOS 12.1, D-Link DI-824VUP Wireless VPN Router, Ember InSight Adapter for programming EM2XX-family embedded devices, IBM 6400 Printer (software version 7.0.9.6), Lexmark T632 Network Laser Printer, Minix 3.1.2a
>>>
>>> While in the second set of parameters I did not fragment the packets.
>>>
>>> 2) nmap -P0 -O 192.168.100.44
>>>
>>> Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
>>> Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
>>> Interesting ports on host233-226.xxx.xxx.xx (192.168.100.44):
>>> Not shown: 1689 filtered ports
>>> PORT    STATE SERVICE
>>> 443/tcp open  https
>>> Device type: general purpose
>>> Running: IBM AIX 4.X, Microsoft Windows 2003/.NET|NT/2K/XP
>>> OS details: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/*, Microsoft Windows 2003 Server or XP SP2
>>> Uptime: 3.360 days (since Sun Nov 16 13:22:23 2008)
>>>
>>> My question is: without fragmenting the packets, how was nmap able to determine an open port? And what difference did fragmentation make in OS detection?
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Cenzic
>>>
>>> Security Trends Report from Cenzic
>>> Stay Ahead of the Hacker Curve!
>>> Get the latest Q2 2008 Trends Report now
>>>
>>> www.cenzic.com/landing/trends-report
>>> ------------------------------------------------------------------------
>
> channel your energy into your mind
> look for the wave with no color
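The thread turns on whether two nmap runs of the same host (with and without -f, or from Windows versus Linux) actually agree, and on nmap's own warning that it needs at least one open and one closed TCP port for a trustworthy OS fingerprint. As an added example (not code from anyone in the thread), the script below parses nmap's normal output for the two runs Maash posted, embedded here as constructed sample strings copied from the quoted output, and diffs port states and OS guesses so the comparison is done by program rather than by eye. The regexes match only the output lines the thread shows; the summary fields and function names are this example's own.

```python
"""Parse nmap 'normal' output and compare two runs against the same target."""
import re
from dataclasses import dataclass

# Constructed samples: the two outputs quoted in the thread, minus the quote prefixes.
SCAN_FRAG = """\
Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1690 scanned ports on host233-226.xxxx.xxx.xx (192.168.100.44) are filtered
Device type: specialized|switch|WAP|printer|general purpose
Running: Cisco IOS 12.X, D-Link embedded, Ember embedded, IBM embedded, Lexmark embedded, Minix
OS details: Cisco DOCSIS cable modem termination server running IOS 12.1, Cisco Catalyst 6509 running IOS 12.1, D-Link DI-824VUP Wireless VPN Router, Ember InSight Adapter for programming EM2XX-family embedded devices, IBM 6400 Printer (software version 7.0.9.6), Lexmark T632 Network Laser Printer, Minix 3.1.2a
"""

SCAN_PLAIN = """\
Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on host233-226.xxx.xxx.xx (192.168.100.44):
Not shown: 1689 filtered ports
PORT    STATE SERVICE
443/tcp open  https
Device type: general purpose
Running: IBM AIX 4.X, Microsoft Windows 2003/.NET|NT/2K/XP
OS details: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/*, Microsoft Windows 2003 Server or XP SP2
Uptime: 3.360 days (since Sun Nov 16 13:22:23 2008)
"""

# Only the line shapes that appear in the thread's output are recognised.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (\w+) ports", re.M)
ALL_RE = re.compile(r"^All (\d+) scanned ports on .* are (\w+)", re.M)
FIELD_RE = re.compile(r"^(Device type|Running|OS details|Uptime): (.*)$", re.M)


@dataclass
class ScanSummary:
    ports: dict        # "443/tcp" -> (state, service)
    filtered: int      # ports nmap reported as filtered (no answer at all)
    device_type: list
    running: list
    os_details: list
    warnings: int      # number of "Warning:" lines nmap printed


def parse_nmap_normal(text: str) -> ScanSummary:
    ports = {f"{n}/{p}": (state, svc) for n, p, state, svc in PORT_RE.findall(text)}
    filtered = 0
    m = ALL_RE.search(text)            # "All N scanned ports ... are filtered"
    if m and m.group(2) == "filtered":
        filtered += int(m.group(1))
    m = NOT_SHOWN_RE.search(text)      # "Not shown: N filtered ports"
    if m and m.group(2) == "filtered":
        filtered += int(m.group(1))
    fields = dict(FIELD_RE.findall(text))

    def csv(key):
        return [x.strip() for x in fields[key].split(",")] if key in fields else []

    return ScanSummary(
        ports=ports,
        filtered=filtered,
        device_type=fields["Device type"].split("|") if "Device type" in fields else [],
        running=csv("Running"),
        os_details=csv("OS details"),
        warnings=text.count("Warning:"),
    )


def os_guess_is_reliable(s: ScanSummary) -> bool:
    """nmap's own stated condition: one open and one closed TCP port were both seen."""
    states = {state for state, _ in s.ports.values()}
    return "open" in states and "closed" in states


def compare_scans(a: ScanSummary, b: ScanSummary) -> dict:
    """What differs between two runs, so a second run is checked rather than trusted."""
    return {
        "ports_only_in_a": sorted(set(a.ports) - set(b.ports)),
        "ports_only_in_b": sorted(set(b.ports) - set(a.ports)),
        "state_changes": {p: (a.ports[p][0], b.ports[p][0])
                          for p in a.ports if p in b.ports and a.ports[p][0] != b.ports[p][0]},
        "common_os_guesses": sorted(set(a.running) & set(b.running)),
        "reliable": (os_guess_is_reliable(a), os_guess_is_reliable(b)),
    }


if __name__ == "__main__":
    frag, plain = parse_nmap_normal(SCAN_FRAG), parse_nmap_normal(SCAN_PLAIN)
    for key, value in compare_scans(frag, plain).items():
        print(f"{key}: {value}")
```

Run against the two quoted outputs, the diff shows 443/tcp only in the unfragmented run, no OS family common to both runs, and `reliable` false for both, which is the concrete answer to why the two OS lists disagree so widely: neither run gave nmap a closed port to fingerprint against, so both guesses rest on the same thin evidence.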
Current thread:
- Nmap output maash . rajani (Nov 19)
- Re: Nmap output τ∂υƒιφ * (Nov 19)
- Re: Nmap output Michael Condon (Nov 20)
- RE: Nmap output Veal, Richard (Nov 20)
- Re: Nmap output Nikhil Wagholikar (Nov 20)
- Re: Nmap output ChromeSilver (Nov 20)
- Re: Nmap output Nikhil Wagholikar (Nov 21)