mailing list archives
Re: NMAP Discrepancy
From: David Fifield <david () bamsoftware com>
Date: Tue, 24 May 2011 09:36:59 -0700
On Tue, May 24, 2011 at 02:36:58PM +0300, Toni Ruottu wrote:
Try adding --version-trace to the command line, and tell us if you are
able to figure it out.
On Tue, May 24, 2011 at 2:33 PM, Michael Lubinski
<michael.lubinski () gmail com> wrote:
Anybody know why NMAP reports differences every so often with the same port.
-3389/tcp open microsoft-rdp Microsoft Terminal Service
This is running on a Win7 box, with NMAP 5.51.
The same scan is run every time, sometimes it displays the service (using
the -sV switch) and sometimes not?
It's strange that the service name is blank instead of "microsoft-rdp?",
which is what it would be if none of the service probes matched. It
could be a bug in the service database.
Toni's suggestion is good, but I would use -d2 instead of
--version-trace so that you don't see a bunch of Nsock messages. The
lines you are looking for are like this:
Scanning 2 services on scanme.nmap.org (18.104.22.168)
Starting probes against new service: 22.214.171.124:22 (tcp)
Starting probes against new service: 126.96.36.199:80 (tcp)
Service scan sending probe NULL to 188.8.131.52:22 (tcp)
Service scan sending probe NULL to 184.108.40.206:80 (tcp)
Service scan match (Probe NULL matched with NULL line 2487): 220.127.116.11:22 is ssh. Version: |OpenSSH|5.3p1 Debian
Service scan sending probe GetRequest to 18.104.22.168:80 (tcp)
Service scan match (Probe GetRequest matched with GetRequest line 4688): 22.214.171.124:80 is http. Version: |Apache
Completed Service scan at 09:35, 6.04s elapsed (2 services on 1 host)
You should see either a "matched" line with a line number, or else see
all the probes be tested with no result.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/