Home page logo
/

basics logo Security Basics mailing list archives

don't understand the output of nmap -sV
From: "Lentes, Bernd" <bernd.lentes () helmholtz-muenchen de>
Date: Sat, 14 Dec 2013 01:50:20 +0100

Hi,

i try to check if a SNMP service is available. I did the following:

pc59093:~ # nmap -sU -sV -p161,162 pc53200

The response was:

Starting Nmap 4.75 ( http://nmap.org ) at 2013-12-13 21:59 CET
Interesting ports on pc53200.xxxxxxxxxxxxx:
PORT    STATE SERVICE VERSION
161/udp open  snmp    SNMPv3 server
162/udp open  snmp    SNMPv3 server
2 services unrecognized despite returning data. If you know the service/version, please submit the following 
fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port161-UDP:V=4.75%I=7%D=12/13%Time=52AB752E%P=x86_64-suse-linux-gnu%r(
SF:SNMPv3GetRequest,73,"0q\x02\x01\x030\x0f\x02\x02Ji\x02\x03\0\xff\xe3\x0
SF:4\x01\0\x02\x01\x03\x04\$0\"\x04\x11\x80\0\x1f\x88\x80\xc0d\xa6d7\xcb\x
SF:89H\0\0\0\0\x02\x02\x03\x19\x02\x03\x01i\xf2\x04\0\x04\0\x04\x0005\x04\
SF:x11\x80\0\x1f\x88\x80\xc0d\xa6d7\xcb\x89H\0\0\0\0\x04\0\xa8\x1e\x02\x02
SF:7\xf0\x02\x01\0\x02\x01\x000\x120\x10\x06\n\+\x06\x01\x06\x03\x0f\x01\x
SF:01\x04\0A\x02\x01\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port162-UDP:V=4.75%I=7%D=12/13%Time=52AB7551%P=x86_64-suse-linux-gnu%r(
SF:SNMPv3GetRequest,56,"0T\x02\x01\x030\x0e\x02\x02Ji\x02\x02\x05\xdc\x04\
SF:x01\0\x02\x01\x03\x04\x1a0\x18\x04\x07initial\x02\x01\x01\x02\x04\0\xb2
SF:\x1d\x06\x04\0\x04\0\x04\x000#\x04\0\x04\0\xa8\x1d\x02\x027\xf0\x02\x01
SF:\0\x02\x01\x000\x110\x0f\x06\n\+\x06\x01\x06\x03\x0f\x01\x01\x04\0A\x01
SF:\0");

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 46.56 seconds


On one hand, the response said it's a SNMPv3 server. On the other hand nmap said it can't recognize the service.
That does not make sense to me.

Thanks for any help


Bernd


--
Bernd Lentes

Systemadministration
Institut für Entwicklungsgenetik
Gebäude 35.34 - Raum 208
HelmholtzZentrum münchen
bernd.lentes () helmholtz-muenchen de
phone: +49 89 3187 1241
fax:   +49 89 3187 2294
http://www.helmholtz-muenchen.de/idg

Die Freiheit wird nicht durch weniger Freiheit verteidigt

Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe
Geschäftsführer: Prof. Dr. Günther Wess, Dr. Nikolaus Blum, Dr. Alfons Enhsen
Registergericht: Amtsgericht München HRB 6466
USt-IdNr: DE 129521671

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault