Home page logo

nmap-dev logo Nmap Development mailing list archives

Version detection of Ldap Service using nmap
From: "Anil Kumar D.K" <anil.dk () eximsoft com>
Date: Fri, 5 Dec 2003 10:48:37 +0530

Hi all,

I am trying to find version of ldap service using nmap.

nmap -p389 -A

For Microsoft Active directory, I am getting the right information. (As the match string already exists in 
nmap-service-probes file)

I would like to find version of ldap service of the following vendors
Critical Path Directory Service 4.2
Siemens Directory DirX 6.0

For Critical Path Directory Service 4.2, I got the service finger print as below

D:\nmap-3.48>nmap -p1702 -A
Starting nmap 3.48 ( http://www.insecure.org/nmap ) at 2003-12-05 10:35 India Standard Time
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on EWSMC280 (
1702/tcp open  unknown
1 service unrecognized despite returning data. If you know the service/version,please submit the following fingerprint 
at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP
OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 Professional
 or Advanced Server, or Windows XP

Nmap run completed -- 1 IP address (1 host up) scanned in 13.570 seconds

I have submitted the fingerprint to http://www.insecure.org/cgi-bin/servicefp-submit.cgi
I tried to use the match string "0\x0c\x02\x01\x01a\x07\n\x01\0\x04\0\x04\0" in the nmap-service-probes for Ldap service
But this string matches even for openLDAP 1.4.x

Is there any way to get a unique string for each ldap product?
Any help will be really appreciated.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]