Re: Nmap output

["Michael Condon" <admin () singulartechnologysolutions com>]

The -f option generates this message:
Warning: Packet fragmentation selected on a host other than Linux, OpenBSD, 
FreeBSD, or NetBSD.  This may or may not work.
> From my experience it does seem to hose up the OS detection a bit.
Try this:
nmap -sV -v -v -v -sS -T3 --osscan-limit -O -PN <target>
or
nmap -sV -v -v -v -sS -sU -T3 --osscan-limit -O -PN <target>

--------------------------------------------------
From: <maash.rajani () gmail com>
Sent: Wednesday, November 19, 2008 3:50 PM
To: <pen-test () securityfocus com>
Subject: Nmap output

> I scanned a host with nmap using two set of parameters.
>
> 1) nmap -P0 -f -O 192.168.100.44
>
> Warning:  OS detection for 192.168.100.44 will be MUCH less reliable 
> because we
> did not find at least 1 open and 1 closed TCP port
> All 1690 scanned ports on host233-226.xxxx.xxx.xx (192.168.100.44) are 
> filt
> ered
> Device type: specialized|switch|WAP|printer|general purpose
> Running: Cisco IOS 12.X, D-Link embedded, Ember embedded, IBM embedded, 
> Lexmark
> embedded, Minix
> OS details: Cisco DOCSIS cable modem termination server running IOS 12.1, 
> Cisco
> Catalyst 6509 running IOS 12.1, D-Link DI-824VUP Wireless VPN Router, 
> Ember InSi
> ght Adapter for programming EM2XX-family embedded devices, IBM 6400 
> Printer (sof
> tware version 7.0.9.6), Lexmark T632 Network Laser Printer, Minix 3.1.2a
>
>
>
>
>
> While in the second set of parameter i did not fragment the packets.
>
> 2) nmap -P0 -O 192.168.100.44
>
> Warning:  OS detection for 192.168.100.44 will be MUCH less reliable 
> because we
> did not find at least 1 open and 1 closed TCP port
> Warning:  OS detection will be MUCH less reliable because we did not find 
> at lea
> st 1 open and 1 closed TCP port
> Interesting ports on host233-226.xxx.xxx.xx (192.168.100.44):
> Not shown: 1689 filtered ports
> PORT    STATE SERVICE
> 443/tcp open  https
> Device type: general purpose
> Running: IBM AIX 4.X, Microsoft Windows 2003/.NET|NT/2K/XP
> OS details: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/*, Microsoft Windows 2003 
> Serve
> r or XP SP2
> Uptime: 3.360 days (since Sun Nov 16 13:22:23 2008)
>
>
>
>
> My question is without fragmenting the packets how was nmap able to 
> determine an open port.
> And what different did fragmentation make in OS detection.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------

Attachment: smime.p7s
Description: