I am trying to find version of ldap service using nmap.
nmap 10.10.40.223 -p389 -A
For Microsoft Active directory, I am getting the right information.
(As the match string already exists in nmap-service-probes file)
I would like to find version of ldap service of the following vendors
Critical Path Directory Service 4.2
Siemens Directory DirX 6.0
For Critical Path Directory Service 4.2, I got the service finger
print as below
D:\nmap-3.48>nmap 10.10.40.223 -p1702 -A
Starting nmap 3.48 ( http://www.insecure.org/nmap ) at 2003-12-05
10:35 India Standard Time
Warning: OS detection will be MUCH less reliable because we did not
find at least 1 open and 1 closed TCP port
Interesting ports on EWSMC280 (10.10.40.223):
PORT STATE SERVICE VERSION
1702/tcp open unknown
1 service unrecognized despite returning data. If you know the
service/version,please submit the following fingerprint at
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP
OS details: Microsoft Windows Millennium Edition (Me), Windows 2000
or Advanced Server, or Windows XP
Nmap run completed -- 1 IP address (1 host up) scanned in 13.570
I have submitted the fingerprint to
I tried to use the match string
"0\x0c\x02\x01\x01a\x07\n\x01\0\x04\0\x04\0" in the
nmap-service-probes for Ldap service
But this string matches even for openLDAP 1.4.x
Is there any way to get a unique string for each ldap product?
Any help will be really appreciated.