Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Why does nmap fingerprint the application by using the standard probes
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 13 Feb 2004 14:36:21 +0100

On Thu, Feb 12, 2004 at 08:35:20PM -0800, alan donald wrote:

Why is nmap not sending probes very specific to that application.

The set of the probes should be minimal as there are often
ports/services that does not respond to anything. With each probe you
have to wait for the eventual answer for some time (5s by default) so
it is basically a performance issue.

Fyodor told me that he plans (or already is working on) rewriting
version scan so this may not be true for future releases.

Therefore using this aproach can we totally rely on nmap to tell us
the application version each time or not?

You shouldn't totally rely on *any* tool! ;-)

Anyway, it's just a banner grabbing so it's not reliable anyway, one
can always fake it.

The version scan is not ideal/optimal but it's pretty accurate and
fast in *most* cases which is the goal. It saves me a lot of time when
digging through a large number of target hosts ...

Martin Mačok

For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]