Penetration Testing mailing list archives
RE: Nmap output
From: "Veal, Richard" <rveal () westernpower co uk>
Date: Thu, 20 Nov 2008 09:23:46 -0000
Or for the same command (with less typing!) -vvv, if you really wanted that level of verbosity

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: 20 November 2008 08:06
To: maash.rajani () gmail com; pen-test () securityfocus com
Subject: Re: Nmap output

The -f option generates this message:

Warning: Packet fragmentation selected on a host other than Linux, OpenBSD, FreeBSD, or NetBSD. This may or may not work.

From my experience it does seem to hose up the OS detection a bit.
Try this:

nmap -sV -v -v -v -sS -T3 --osscan-limit -O -PN <target>

or

nmap -sV -v -v -v -sS -sU -T3 --osscan-limit -O -PN <target>

--------------------------------------------------
From: <maash.rajani () gmail com>
Sent: Wednesday, November 19, 2008 3:50 PM
To: <pen-test () securityfocus com>
Subject: Nmap output

I scanned a host with nmap using two sets of parameters.

1) nmap -P0 -f -O 192.168.100.44

Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1690 scanned ports on host233-226.xxxx.xxx.xx (192.168.100.44) are filtered
Device type: specialized|switch|WAP|printer|general purpose
Running: Cisco IOS 12.X, D-Link embedded, Ember embedded, IBM embedded, Lexmark embedded, Minix
OS details: Cisco DOCSIS cable modem termination server running IOS 12.1, Cisco Catalyst 6509 running IOS 12.1, D-Link DI-824VUP Wireless VPN Router, Ember InSight Adapter for programming EM2XX-family embedded devices, IBM 6400 Printer (software version 7.0.9.6), Lexmark T632 Network Laser Printer, Minix 3.1.2a

While in the second set of parameters I did not fragment the packets.

2) nmap -P0 -O 192.168.100.44

Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on host233-226.xxx.xxx.xx (192.168.100.44):
Not shown: 1689 filtered ports
PORT STATE SERVICE
443/tcp open https
Device type: general purpose
Running: IBM AIX 4.X, Microsoft Windows 2003/.NET|NT/2K/XP
OS details: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/*, Microsoft Windows 2003 Server or XP SP2
Uptime: 3.360 days (since Sun Nov 16 13:22:23 2008)

My question is, without fragmenting the packets, how was nmap able to determine an open port? And what difference did fragmentation make in OS detection?

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Current thread:
- Nmap output maash . rajani (Nov 19)
- Re: Nmap output τ∂υƒιφ * (Nov 19)
- Re: Nmap output Michael Condon (Nov 20)
- RE: Nmap output Veal, Richard (Nov 20)
- Re: Nmap output Nikhil Wagholikar (Nov 20)
- Re: Nmap output ChromeSilver (Nov 20)
- Message not available
- Re: Nmap output Nikhil Wagholikar (Nov 21)