Nmap Development: Re: Nmap 4.75 Posted!

Re: Nmap 4.75 Posted!

From: Ron <ron_at_skullsecurity.net>
Date: Mon, 08 Sep 2008 07:02:58 -0500

Aaron Leininger wrote:
> nmap 4.75 compiles fine on my debian box. I ran it on a box on my network and got the following:
> $ sudo nmap -sS my_target
>
> Starting Nmap 4.75 ( http://nmap.org ) at 2008-09-08 09:27 PDT
> Warning: File ./nmap-services exists, but Nmap is using /usr/local/share/nmap/nmap-services for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).
> Interesting ports on ths-aleininger-desktop.ttsd.k12.or.us (my_target):
> Not shown: 986 closed ports
> PORT STATE SERVICE
> 135/tcp open msrpc
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 1049/tcp open unknown
> 1050/tcp open java-or-OTGfileshare
> 2701/tcp open unknown
> 2702/tcp open unknown
> 5800/tcp open vnc-http
> 5900/tcp open vnc
> 8192/tcp open unknown
> 8193/tcp open unknown
> 8194/tcp open unknown
> 16992/tcp open unknown
> 16993/tcp open unknown
> MAC Address: 00:1C:C0:4E:3A:E7 (Intel Corporate)
>
> Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds
>
>
> Compare that to the output of nmap 4.68 using the same command and same host:
> -------------------------------------------------------------------------------------------------
> Starting Nmap 4.68 ( http://nmap.org ) at 2008-09-08 09:31 PDT
> Interesting ports on my_target:
> Not shown: 1709 closed ports
> PORT STATE SERVICE
> 135/tcp open msrpc
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 1050/tcp open java-or-OTGfileshare
> 5800/tcp open vnc-http
> 5900/tcp open vnc
>
> Nmap done: 1 IP address (1 host up) scanned in 1.385 seconds
>
> I ran a test with hping on port 16992 shown in 4.75 as open with the following results:
> # hping -S -p 16992 -c 1 my_target
> HPING 10.4.0.106 (eth0 10.4.0.106): S set, 40 headers + 0 data bytes
> len=46 ip=10.4.0.106 ttl=128 DF id=16544 sport=16992 flags=SA seq=0 win=64512 rtt=0.5 ms
>
> It did come back with SYN and ACK flagged so it seems as if 4.75 is correct. What is odd is that 4.68 doesn't show those ports. Is 4.75 set to scan a larger range of ports by default?
> Aaron

Hey Aaron,

Yes, they added a bunch of "frequency" checks for ports. More info here:

http://seclists.org/nmap-dev/2008/q3/0642.html

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Sep 08 2008
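Ron's answer is that 4.75 picks its default ports by how often they are found open rather than by port number. The following Python is an added illustration, not code from this thread or from Nmap itself: it parses the three-column nmap-services layout (service, port/proto, open-frequency) that 4.75 introduced and ranks ports by that frequency, so a high-numbered port like 16992 can outrank a low-numbered one that is almost never open. The file excerpt and every frequency value in it are constructed for the example, and the parser also accepts the older two-column lines (treated as frequency 0.0), which the real file format does not require.

```python
import re

# Constructed excerpt in the three-column nmap-services layout Nmap 4.75 introduced
# ("<service> <port>/<proto> <open-frequency>"); the frequency values are made up.
SAMPLE_SERVICES = """\
msrpc         135/tcp    0.047798
netbios-ssn   139/tcp    0.050809
microsoft-ds  445/tcp    0.056944
unknown       1049/tcp   0.001300
rarely-seen   1200/tcp   0.000010  # low port number, but almost never open
vnc-http      5800/tcp   0.002500
vnc           5900/tcp   0.004000
unknown       16992/tcp  0.001700
unknown       16993/tcp  0.001600
snmp          161/udp    0.433467
legacy-entry  2000/tcp
"""

# One data line: name, port/proto, and an optional frequency (absent in pre-4.75 files).
LINE_RE = re.compile(r'^(\S+)\s+(\d+)/(tcp|udp|sctp)(?:\s+([0-9.]+))?')

def parse_services(text):
    """Return (port, proto, name, frequency) tuples; two-column lines get 0.0."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()   # drop trailing comments
        m = LINE_RE.match(line)
        if not m:
            continue                            # blank or comment-only line
        name, port, proto, freq = m.groups()
        entries.append((int(port), proto, name, float(freq) if freq else 0.0))
    return entries

def ranked(entries, proto='tcp'):
    """Entries of one protocol, most frequently open first."""
    return sorted((e for e in entries if e[1] == proto), key=lambda e: e[3], reverse=True)

def top_ports(entries, n, proto='tcp'):
    """Frequency-based default selection: the n most often open ports, in numeric order."""
    return sorted(e[0] for e in ranked(entries, proto)[:n])

def frequency_rank(entries, port, proto='tcp'):
    """1-based position of a port in the frequency ordering, or None if unlisted."""
    for pos, e in enumerate(ranked(entries, proto), start=1):
        if e[0] == port:
            return pos
    return None
```

With this excerpt, `top_ports(parse_services(SAMPLE_SERVICES), 8)` keeps 16992 and 16993 but drops 1200, which is the effect Aaron observed between the two versions.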