Nmap Development: Are sX and sF broken on linux?

Are sX and sF broken on linux?

From: Alex R <alex_at_deviousmeans.net>
Date: Sun, 17 Oct 2004 16:50:36 +0200

Are sF and sX scans broken on 3.70? I'm running slackware-current with a
custom 2.6.8.1 kernel.

 

root_at_foo:~# nmap -sF -P0 -vv -O -p 1-65535 2k.lan

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-17 16:37 GMT+2
Initiating FIN Scan against 192.168.0.6 [65535 ports] at 16:37
The FIN Scan took 12.41s to scan 65535 total ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host 192.168.0.6 appears to be up ... good.
All 65535 scanned ports on 192.168.0.6 are: closed
MAC Address: 00:06:4F:06:AB:BD (Pro-nets Technology)
Device type: webcam|switch|general purpose
Running: AXIS embedded, Cisco embedded, IBM MVS, Microsoft Windows 95/98/ME|2003/.NET|NT/2K/XP
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.70%P=i486-slackware-linux-gnu%D=10/17%Time=4172BBE9%O=-1%C=1)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap run completed -- 1 IP address (1 host up) scanned in 24.284 seconds

root_at_foo:~# nmap -sX -P0 -vv -O -p 1-65535 2k.lan

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-17 16:38 GMT+2
Initiating XMAS Scan against 192.168.0.6 [65535 ports] at 16:38
The XMAS Scan took 12.50s to scan 65535 total ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host 192.168.0.6 appears to be up ... good.
All 65535 scanned ports on 192.168.0.6 are: closed
MAC Address: 00:06:4F:06:AB:BD (Pro-nets Technology)
Device type: webcam|switch|general purpose
Running: AXIS embedded, Cisco embedded, IBM MVS, Microsoft Windows 95/98/ME|2003/.NET|NT/2K/XP
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.70%P=i486-slackware-linux-gnu%D=10/17%Time=4172BC34%O=-1%C=1)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap run completed -- 1 IP address (1 host up) scanned in 24.248 seconds

 

 

root_at_foo:~# nmap -sS -P0 -O -p 1-65535 2k.lan

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-17 16:42 GMT+2
Interesting ports on 192.168.0.6:
(The 65517 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1028/tcp open  unknown
1041/tcp open  unknown
1060/tcp open  unknown
2267/tcp open  unknown
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl
MAC Address: 00:06:4F:06:AB:BD (Pro-nets Technology)
Device type: general purpose
Running: Microsoft Windows 2003/.NET
OS details: Microsoft Windows .NET Enterprise Server (build 3604-3790)

Nmap run completed -- 1 IP address (1 host up) scanned in 23.979 seconds

 
Received on Oct 17 2004
